kubernetes
/
minikube
mirror of https://github.com/kubernetes/minikube.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/kubernetes/minikube into master_srikrishnabh

pull/12084/head
srikrishnabh93@gmail.com 2021-08-26 20:47:47 +05:30
parent e744f3e3cc 0bb1f675ea
commit 6a9d08ecef
206 changed files with 15574 additions and 14243 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.github/ISSUE_TEMPLATE/fr.md vendored Normal file
View File

@ -0,0 +1,24 @@
---
name: Français
about: Signaler un problème
labels: l/fr
---
<!--- Veuillez inclure la commande "minikube start" que vous avez utilisée dans vos étapes de reproduction --->
**Étapes pour reproduire le problème:**
1.
2.
3.
**Sortie complète de la commande `minikube logs`:**
<details>
</details>
<!--- TIP: Ajoutez l'indicateur "--alsologtostderr" à la ligne de commande pour plus de journaux --->
**Sortie complète de la commande échouée:**
<details>
</details>

2
.github/workflows/build.yml vendored
View File

@ -12,7 +12,7 @@ on:
- "!deploy/iso/**"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
build_minikube:
runs-on: ubuntu-18.04

8
.github/workflows/docs.yml vendored
View File

@ -6,7 +6,7 @@ on:
- master
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
generate-docs:
runs-on: ubuntu-18.04
@ -20,7 +20,10 @@ jobs:
id: gendocs
run: |
make generate-docs
echo "::set-output name=changes::$(git status --porcelain)"
c=$(git status --porcelain)
c="${c//$'\n'/'%0A'}"
c="${c//$'\r'/'%0D'}"
echo "::set-output name=changes::$c"
- name: Create PR
if: ${{ steps.gendocs.outputs.changes != '' }}
uses: peter-evans/create-pull-request@v3
@ -37,6 +40,7 @@ jobs:
body: |
Committing changes resulting from `make generate-docs`.
This PR is auto-generated by the [gendocs](https://github.com/kubernetes/minikube/blob/master/.github/workflows/docs.yml) CI workflow.
```
${{ steps.gendocs.outputs.changes }}
```

8
.github/workflows/leaderboard.yml vendored
View File

@ -7,7 +7,7 @@ on:
release:
types: [published]
env:
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
update-leaderboard:
runs-on: ubuntu-latest
@ -21,7 +21,10 @@ jobs:
id: leaderboard
run: |
make update-leaderboard
echo "::set-output name=changes::$(git status --porcelain)"
c=$(git status --porcelain)
c="${c//$'\n'/'%0A'}"
c="${c//$'\r'/'%0D'}"
echo "::set-output name=changes::$c"
env:
GITHUB_TOKEN: ${{ secrets.MINIKUBE_BOT_PAT }}
- name: Create PR
@ -40,6 +43,7 @@ jobs:
body: |
Committing changes resulting from `make update-leaderboard`.
This PR is auto-generated by the [update-leaderboard](https://github.com/kubernetes/minikube/blob/master/.github/workflows/leaderboard.yml) CI workflow.
```
${{ steps.leaderboard.outputs.changes }}
```

2
.github/workflows/master.yml vendored
View File

@ -14,7 +14,7 @@ on:
- "!deploy/iso/**"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
# Runs before all other jobs
# builds the minikube binaries

2
.github/workflows/pr.yml vendored
View File

@ -12,7 +12,7 @@ on:
- "!deploy/iso/**"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
# Runs before all other jobs
# builds the minikube binaries

6
.github/workflows/pr_verified.yaml vendored
View File

@ -21,7 +21,7 @@ on:
- deleted
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
# Runs before all other jobs
@ -854,7 +854,7 @@ jobs:
$docker_running = $?
}
Write-Output "Docker is running"
docker system prune -f
docker system prune -f --volumes
- name: Info
shell: powershell
run: |
@ -949,7 +949,7 @@ jobs:
$docker_running = $?
}
Write-Output "Docker is running"
docker system prune -f
docker system prune -f --volumes
- name: Info
continue-on-error: true
shell: powershell

2
.github/workflows/time-to-k8s-public-chart.yml vendored
View File

@ -6,7 +6,7 @@ on:
- cron: "0 2,14 * * *"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
time-to-k8s-public-chart:
runs-on: ubuntu-latest

2
.github/workflows/time-to-k8s.yml vendored
View File

@ -5,7 +5,7 @@ on:
types: [released]
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
benchmark:
runs-on: ubuntu-20.04

2
.github/workflows/translations.yml vendored
View File

@ -6,7 +6,7 @@ on:
- "translations/**"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
unit_test:
runs-on: ubuntu-20.04

4
.github/workflows/update-golang-version.yml vendored
View File

@ -6,9 +6,9 @@ on:
- cron: "0 9 * * 1"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
bump-k8s-versions:
bump-golang-version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2

45
.github/workflows/update-golint-version.yml vendored Normal file
View File

@ -0,0 +1,45 @@
name: "update-golint-version"
on:
workflow_dispatch:
schedule:
# every Monday at around 3 am pacific/10 am UTC
- cron: "0 10 * * 1"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.7'
jobs:
bump-golint-version:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: ${{env.GO_VERSION}}
stable: true
- name: Bump Golint Versions
id: bumpGolint
run: |
make update-golint-version
echo "::set-output name=changes::$(git status --porcelain)"
- name: Create PR
if: ${{ steps.bumpGolint.outputs.changes != '' }}
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.MINIKUBE_BOT_PAT }}
commit-message: bump golaint versions
committer: minikube-bot <minikube-bot@google.com>
author: minikube-bot <minikube-bot@google.com>
branch: auto_bump_golint_version
push-to-fork: minikube-bot/minikube
base: master
delete-branch: true
title: 'bump golint version'
labels: ok-to-test
body: |
Golangci-lint Project release a [new version](https://github.com/golangci/golangci-lint/releases),
This PR was auto-generated by `make update-golint-version` using [update-golint-version.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows/update-golint-version.yml) CI Workflow.

9
.github/workflows/update-k8s-versions.yml vendored
View File

@ -6,7 +6,7 @@ on:
- cron: "0 8 * * 1"
env:
GOPROXY: https://proxy.golang.org
GO_VERSION: '1.16.6'
GO_VERSION: '1.16.7'
jobs:
bump-k8s-versions:
runs-on: ubuntu-20.04
@ -20,7 +20,10 @@ jobs:
id: bumpk8s
run: |
make update-kubernetes-version
echo "::set-output name=changes::$(git status --porcelain)"
c=$(git status --porcelain)
c="${c//$'\n'/'%0A'}"
c="${c//$'\r'/'%0D'}"
echo "::set-output name=changes::$c"
- name: Create PR
if: ${{ steps.bumpk8s.outputs.changes != '' }}
uses: peter-evans/create-pull-request@v3
@ -39,5 +42,7 @@ jobs:
This PR was auto-generated by `make update-kubernetes-version` using [update-k8s-versions.yml](https://github.com/kubernetes/minikube/tree/master/.github/workflows) CI Workflow.
Please only merge if all the tests pass.
```
${{ steps.bumpk8s.outputs.changes }}
```

30
Makefile
View File

@ -23,7 +23,7 @@ KUBERNETES_VERSION ?= $(shell egrep "DefaultKubernetesVersion =" pkg/minikube/co
KIC_VERSION ?= $(shell egrep "Version =" pkg/drivers/kic/types.go | cut -d \" -f2)
# Default to .0 for higher cache hit rates, as build increments typically don't require new ISO versions
ISO_VERSION ?= v1.22.0-1627488369-11483
ISO_VERSION ?= v1.22.0-1628974786-12268
# Dashes are valid in semver, but not Linux packaging. Use ~ to delimit alpha/beta
DEB_VERSION ?= $(subst -,~,$(RAW_VERSION))
DEB_REVISION ?= 0
@ -32,14 +32,15 @@ RPM_VERSION ?= $(DEB_VERSION)
RPM_REVISION ?= 0
# used by hack/jenkins/release_build_and_upload.sh and KVM_BUILD_IMAGE, see also BUILD_IMAGE below
GO_VERSION ?= 1.16.6
# update this only by running `make update-golang-version`
GO_VERSION ?= 1.16.7
# replace "x.y.0" => "x.y". kube-cross and golang.org/dl use different formats for x.y.0 go versions
KVM_GO_VERSION ?= $(GO_VERSION:.0=)
INSTALL_SIZE ?= $(shell du out/minikube-windows-amd64.exe | cut -f1)
BUILDROOT_BRANCH ?= 2020.02.12
BUILDROOT_BRANCH ?= 2021.02.4
REGISTRY ?= gcr.io/k8s-minikube
# Get git commit id
@ -65,9 +66,10 @@ MINIKUBE_BUCKET ?= minikube/releases
MINIKUBE_UPLOAD_LOCATION := gs://${MINIKUBE_BUCKET}
MINIKUBE_RELEASES_URL=https://github.com/kubernetes/minikube/releases/download
KERNEL_VERSION ?= 4.19.182
KERNEL_VERSION ?= 4.19.202
# latest from https://github.com/golangci/golangci-lint/releases
GOLINT_VERSION ?= v1.39.0
# update this only by running `make update-golint-version`
GOLINT_VERSION ?= v1.42.0
# Limit number of default jobs, to avoid the CI builds running out of memory
GOLINT_JOBS ?= 4
# see https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint
@ -75,7 +77,7 @@ GOLINT_GOGC ?= 100
# options for lint (golangci-lint)
GOLINT_OPTIONS = --timeout 7m \
--build-tags "${MINIKUBE_INTEGRATION_BUILD_TAGS}" \
--enable gofmt,goimports,gocritic,golint,gocyclo,misspell,nakedret,stylecheck,unconvert,unparam,dogsled \
--enable gofmt,goimports,gocritic,revive,gocyclo,misspell,nakedret,stylecheck,unconvert,unparam,dogsled \
--exclude 'variable on range scope.*in function literal|ifElseChain'
export GO111MODULE := on
@ -280,8 +282,6 @@ minikube_iso: deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/usr/b
git clone --depth=1 --branch=$(BUILDROOT_BRANCH) https://github.com/buildroot/buildroot $(BUILD_DIR)/buildroot; \
fi;
$(MAKE) BR2_EXTERNAL=../../deploy/iso/minikube-iso minikube_defconfig -C $(BUILD_DIR)/buildroot
mkdir -p $(BUILD_DIR)/buildroot/output/build
echo "module buildroot.org/go" > $(BUILD_DIR)/buildroot/output/build/go.mod
$(MAKE) -C $(BUILD_DIR)/buildroot host-python
$(MAKE) -C $(BUILD_DIR)/buildroot
mv $(BUILD_DIR)/buildroot/output/images/rootfs.iso9660 $(BUILD_DIR)/minikube.iso
@ -682,7 +682,7 @@ docker-multi-arch-builder:
env $(X_BUILD_ENV) docker buildx rm --builder $(X_DOCKER_BUILDER) || true
env $(X_BUILD_ENV) docker buildx create --name $(X_DOCKER_BUILDER) --buildkitd-flags '--debug' || true
KICBASE_ARCH = linux/arm64,linux/amd64
KICBASE_ARCH = linux/amd64,linux/arm,linux/arm64,linux/ppc64le,linux/s390x
KICBASE_IMAGE_GCR ?= $(REGISTRY)/kicbase:$(KIC_VERSION)
KICBASE_IMAGE_HUB ?= kicbase/stable:$(KIC_VERSION)
KICBASE_IMAGE_REGISTRIES ?= $(KICBASE_IMAGE_GCR) $(KICBASE_IMAGE_HUB)
@ -702,6 +702,10 @@ endif
local-kicbase-debug: local-kicbase ## Builds a local kicbase image and switches source code to point to it
$(SED) 's|Version = .*|Version = \"$(KIC_VERSION)-$(COMMIT_SHORT)\"|;s|baseImageSHA = .*|baseImageSHA = \"\"|;s|gcrRepo = .*|gcrRepo = \"local/kicbase\"|;s|dockerhubRepo = .*|dockerhubRepo = \"local/kicbase\"|' pkg/drivers/kic/types.go
.PHONY: build-kic-base-image
build-kic-base-image: docker-multi-arch-builder ## Build multi-arch local/kicbase:latest
env $(X_BUILD_ENV) docker buildx build -f ./deploy/kicbase/Dockerfile --builder $(X_DOCKER_BUILDER) --platform $(KICBASE_ARCH) $(addprefix -t ,$(KICBASE_IMAGE_REGISTRIES)) --load --build-arg COMMIT_SHA=${VERSION}-$(COMMIT) .
.PHONY: push-kic-base-image
push-kic-base-image: docker-multi-arch-builder ## Push multi-arch local/kicbase:latest to all remote registries
ifdef AUTOPUSH
@ -781,7 +785,7 @@ release-notes:
update-leaderboard:
hack/update_contributions.sh
out/docker-machine-driver-kvm2: out/docker-machine-driver-kvm2-amd64
out/docker-machine-driver-kvm2: out/docker-machine-driver-kvm2-$(GOARCH)
$(if $(quiet),@echo " CP $@")
$(Q)cp $< $@
@ -969,6 +973,12 @@ update-kubernetes-version:
(cd hack/update/kubernetes_version && \
go run update_kubernetes_version.go)
.PHONY: update-golint-version
update-golint-version:
(cd hack/update/golint_version && \
go run update_golint_version.go)
.PHONY: update-kubernetes-version-pr
update-kubernetes-version-pr:
ifndef GITHUB_TOKEN

1
README.md
View File

@ -27,6 +27,7 @@ minikube runs the latest stable release of Kubernetes, with support for standard
* [Dashboard](https://minikube.sigs.k8s.io/docs/handbook/dashboard/) - `minikube dashboard`
* [Container runtimes](https://minikube.sigs.k8s.io/docs/handbook/config/#runtime-configuration) - `minikube start --container-runtime`
* [Configure apiserver and kubelet options](https://minikube.sigs.k8s.io/docs/handbook/config/#modifying-kubernetes-defaults) via command-line flags
* Supports common [CI environments](https://github.com/minikube-ci/examples)
As well as developer-friendly features:

4
cmd/auto-pause/auto-pause-hook/config.go
View File

@ -91,8 +91,8 @@ func selfRegistration(clientset *kubernetes.Clientset, caCert []byte) {
klog.Fatal(err2)
}
}
var failurePolicy v1.FailurePolicyType = v1.Fail
var sideEffects v1.SideEffectClass = v1.SideEffectClassNone
var failurePolicy = v1.Fail
var sideEffects = v1.SideEffectClassNone
webhookConfig := &v1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{

3
cmd/minikube/cmd/delete.go
View File

@ -157,7 +157,8 @@ func runDelete(cmd *cobra.Command, args []string) {
if err != nil {
klog.Warningf("'error loading profiles in minikube home %q: %v", localpath.MiniPath(), err)
}
profilesToDelete := append(validProfiles, invalidProfiles...)
profilesToDelete := validProfiles
profilesToDelete = append(profilesToDelete, invalidProfiles...)
// in the case user has more than 1 profile and runs --purge
// to prevent abandoned VMs/containers, force user to run with delete --all
if purge && len(profilesToDelete) > 1 && !deleteAll {

3
cmd/minikube/cmd/delete_test.go
View File

@ -221,7 +221,8 @@ func TestDeleteAllProfiles(t *testing.T) {
t.Errorf("ListProfiles length = %d, expected %d\nvalid: %v\ninvalid: %v\n", len(validProfiles)+len(inValidProfiles), numberOfTotalProfileDirs, validProfiles, inValidProfiles)
}
profiles := append(validProfiles, inValidProfiles...)
profiles := validProfiles
profiles = append(profiles, inValidProfiles...)
hostAndDirsDeleter = hostAndDirsDeleterMock
errs := DeleteProfiles(profiles)

85
cmd/minikube/cmd/docker-env.go
View File

@ -20,6 +20,7 @@ limitations under the License.
package cmd
import (
"encoding/json"
"fmt"
"io"
"net"
@ -33,6 +34,7 @@ import (
apiWait "k8s.io/apimachinery/pkg/util/wait"
"github.com/spf13/cobra"
"gopkg.in/yaml.v2"
"k8s.io/klog/v2"
kconst "k8s.io/kubernetes/cmd/kubeadm/app/constants"
@ -384,12 +386,94 @@ func dockerSetScript(ec DockerEnvConfig, w io.Writer) error {
dockerSetEnvTmpl = dockerEnvTCPTmpl
}
envVars := dockerEnvVars(ec)
if ec.Shell == "none" {
switch outputFormat {
case "":
// shell "none"
break
case "text":
for k, v := range envVars {
_, err := fmt.Fprintf(w, "%s=%s\n", k, v)
if err != nil {
return err
}
}
return nil
case "json":
json, err := json.Marshal(envVars)
if err != nil {
return err
}
_, err = w.Write(json)
if err != nil {
return err
}
_, err = w.Write([]byte{'\n'})
if err != nil {
return err
}
return nil
case "yaml":
yaml, err := yaml.Marshal(envVars)
if err != nil {
return err
}
_, err = w.Write(yaml)
if err != nil {
return err
}
return nil
default:
exit.Message(reason.InternalOutputUsage, "error: --output must be 'text', 'yaml' or 'json'")
}
}
return shell.SetScript(ec.EnvConfig, w, dockerSetEnvTmpl, dockerShellCfgSet(ec, envVars))
}
// dockerSetScript writes out a shell-compatible 'docker-env unset' script
func dockerUnsetScript(ec DockerEnvConfig, w io.Writer) error {
vars := dockerEnvNames(ec)
if ec.Shell == "none" {
switch outputFormat {
case "":
// shell "none"
break
case "text":
for _, n := range vars {
_, err := fmt.Fprintf(w, "%s\n", n)
if err != nil {
return err
}
}
return nil
case "json":
json, err := json.Marshal(vars)
if err != nil {
return err
}
_, err = w.Write(json)
if err != nil {
return err
}
_, err = w.Write([]byte{'\n'})
if err != nil {
return err
}
return nil
case "yaml":
yaml, err := yaml.Marshal(vars)
if err != nil {
return err
}
_, err = w.Write(yaml)
if err != nil {
return err
}
return nil
default:
exit.Message(reason.InternalOutputUsage, "error: --output must be 'text', 'yaml' or 'json'")
}
}
return shell.UnsetScript(ec.EnvConfig, w, vars)
}
@ -508,5 +592,6 @@ func init() {
dockerEnvCmd.Flags().BoolVar(&sshHost, "ssh-host", false, "Use SSH connection instead of HTTPS (port 2376)")
dockerEnvCmd.Flags().BoolVar(&sshAdd, "ssh-add", false, "Add SSH identity key to SSH authentication agent")
dockerEnvCmd.Flags().StringVar(&shell.ForceShell, "shell", "", "Force environment to be configured for a specified shell: [fish, cmd, powershell, tcsh, bash, zsh], default is auto-detect")
dockerEnvCmd.Flags().StringVarP(&outputFormat, "output", "o", "", "One of 'text', 'yaml' or 'json'.")
dockerEnvCmd.Flags().BoolVarP(&dockerUnset, "unset", "u", false, "Unset variables instead of setting them")
}

115
cmd/minikube/cmd/docker-env_test.go
View File

@ -18,10 +18,14 @@ package cmd
import (
"bytes"
"encoding/json"
"os"
"strings"
"testing"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"gopkg.in/yaml.v2"
)
type FakeNoProxyGetter struct {
@ -36,13 +40,16 @@ func (f FakeNoProxyGetter) GetNoProxyVar() (string, string) {
func TestGenerateDockerScripts(t *testing.T) {
var tests = []struct {
shell string
output string
config DockerEnvConfig
noProxyGetter *FakeNoProxyGetter
wantSet string
wantUnset string
diffOpts []cmp.Option
}{
{
"bash",
"",
DockerEnvConfig{profile: "dockerdriver", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"},
nil,
`export DOCKER_TLS_VERIFY="1"
@ -58,9 +65,11 @@ unset DOCKER_HOST;
unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "dockerdriver", driver: "docker", ssh: true, username: "root", hostname: "host", sshport: 22},
nil,
`export DOCKER_HOST="ssh://root@host:22"
@ -74,9 +83,11 @@ unset DOCKER_HOST;
unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "bash", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs"},
nil,
`export DOCKER_TLS_VERIFY="1"
@ -92,9 +103,11 @@ unset DOCKER_HOST;
unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "ipv6", driver: "kvm2", hostIP: "fe80::215:5dff:fe00:a903", port: 2376, certsDir: "/certs"},
nil,
`export DOCKER_TLS_VERIFY="1"
@ -110,9 +123,11 @@ unset DOCKER_HOST;
unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
`,
nil,
},
{
"fish",
"",
DockerEnvConfig{profile: "fish", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs"},
nil,
`set -gx DOCKER_TLS_VERIFY "1";
@ -128,9 +143,11 @@ set -e DOCKER_HOST;
set -e DOCKER_CERT_PATH;
set -e MINIKUBE_ACTIVE_DOCKERD;
`,
nil,
},
{
"powershell",
"",
DockerEnvConfig{profile: "powershell", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"},
nil,
`$Env:DOCKER_TLS_VERIFY = "1"
@ -146,9 +163,11 @@ Remove-Item Env:\\DOCKER_HOST
Remove-Item Env:\\DOCKER_CERT_PATH
Remove-Item Env:\\MINIKUBE_ACTIVE_DOCKERD
`,
nil,
},
{
"cmd",
"",
DockerEnvConfig{profile: "cmd", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"},
nil,
`SET DOCKER_TLS_VERIFY=1
@ -164,9 +183,11 @@ SET DOCKER_HOST=
SET DOCKER_CERT_PATH=
SET MINIKUBE_ACTIVE_DOCKERD=
`,
nil,
},
{
"emacs",
"",
DockerEnvConfig{profile: "emacs", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs"},
nil,
`(setenv "DOCKER_TLS_VERIFY" "1")
@ -181,9 +202,11 @@ SET MINIKUBE_ACTIVE_DOCKERD=
(setenv "DOCKER_CERT_PATH" nil)
(setenv "MINIKUBE_ACTIVE_DOCKERD" nil)
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "bash-no-proxy", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true},
&FakeNoProxyGetter{"NO_PROXY", "127.0.0.1"},
`export DOCKER_TLS_VERIFY="1"
@ -202,9 +225,11 @@ unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
unset NO_PROXY;
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "bash-no-proxy-lower", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true},
&FakeNoProxyGetter{"no_proxy", "127.0.0.1"},
`export DOCKER_TLS_VERIFY="1"
@ -223,9 +248,11 @@ unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
unset no_proxy;
`,
nil,
},
{
"powershell",
"",
DockerEnvConfig{profile: "powershell-no-proxy-idempotent", driver: "hyperv", hostIP: "192.168.0.1", port: 2376, certsDir: "/certs", noProxy: true},
&FakeNoProxyGetter{"no_proxy", "192.168.0.1"},
`$Env:DOCKER_TLS_VERIFY = "1"
@ -243,9 +270,11 @@ Remove-Item Env:\\DOCKER_CERT_PATH
Remove-Item Env:\\MINIKUBE_ACTIVE_DOCKERD
Remove-Item Env:\\no_proxy
`,
nil,
},
{
"bash",
"",
DockerEnvConfig{profile: "sh-no-proxy-add", driver: "kvm2", hostIP: "127.0.0.1", port: 2376, certsDir: "/certs", noProxy: true},
&FakeNoProxyGetter{"NO_PROXY", "192.168.0.1,10.0.0.4"},
`export DOCKER_TLS_VERIFY="1"
@ -264,9 +293,11 @@ unset DOCKER_CERT_PATH;
unset MINIKUBE_ACTIVE_DOCKERD;
unset NO_PROXY;
`,
nil,
},
{
"none",
"",
DockerEnvConfig{profile: "noneshell", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"},
nil,
`DOCKER_TLS_VERIFY=1
@ -279,11 +310,91 @@ DOCKER_HOST
DOCKER_CERT_PATH
MINIKUBE_ACTIVE_DOCKERD
`,
nil,
},
{
"none",
"text",
DockerEnvConfig{profile: "nonetext", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"},
nil,
`DOCKER_TLS_VERIFY=1
DOCKER_HOST=tcp://127.0.0.1:32842
DOCKER_CERT_PATH=/certs
MINIKUBE_ACTIVE_DOCKERD=nonetext
`,
`DOCKER_TLS_VERIFY
DOCKER_HOST
DOCKER_CERT_PATH
MINIKUBE_ACTIVE_DOCKERD
`,
[]cmp.Option{
cmpopts.AcyclicTransformer("SplitLines", func(s string) []string {
return strings.Split(s, "\n")
}),
cmpopts.SortSlices(func(a, b string) bool {
return a < b
}),
},
},
{
"none",
"json",
DockerEnvConfig{profile: "nonejson", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"},
nil,
`{
"DOCKER_TLS_VERIFY": "1",
"DOCKER_HOST": "tcp://127.0.0.1:32842",
"DOCKER_CERT_PATH": "/certs",
"MINIKUBE_ACTIVE_DOCKERD": "nonejson"
}`,
`[
"DOCKER_TLS_VERIFY",
"DOCKER_HOST",
"DOCKER_CERT_PATH",
"MINIKUBE_ACTIVE_DOCKERD"
]`,
[]cmp.Option{
cmp.FilterValues(func(x, y string) bool {
return json.Valid([]byte(x)) && json.Valid([]byte(y))
},
cmp.Transformer("ParseJSON", func(in string) (out interface{}) {
if err := json.Unmarshal([]byte(in), &out); err != nil {
panic(err) // should never occur given previous filter to ensure valid JSON
}
return out
})),
},
},
{
"none",
"yaml",
DockerEnvConfig{profile: "noneyaml", driver: "docker", hostIP: "127.0.0.1", port: 32842, certsDir: "/certs"},
nil,
`DOCKER_TLS_VERIFY: "1"
DOCKER_HOST: tcp://127.0.0.1:32842
DOCKER_CERT_PATH: /certs
MINIKUBE_ACTIVE_DOCKERD: noneyaml
`,
`- DOCKER_TLS_VERIFY
- DOCKER_HOST
- DOCKER_CERT_PATH
- MINIKUBE_ACTIVE_DOCKERD
`,
[]cmp.Option{
cmpopts.AcyclicTransformer("ParseYAML", func(in string) (out interface{}) {
if err := yaml.Unmarshal([]byte(in), &out); err != nil {
return nil
}
return out
}),
},
},
}
for _, tc := range tests {
t.Run(tc.config.profile, func(t *testing.T) {
tc.config.EnvConfig.Shell = tc.shell
// set global variable
outputFormat = tc.output
defaultNoProxyGetter = tc.noProxyGetter
var b []byte
buf := bytes.NewBuffer(b)
@ -291,7 +402,7 @@ MINIKUBE_ACTIVE_DOCKERD
t.Errorf("setScript(%+v) error: %v", tc.config, err)
}
got := buf.String()
if diff := cmp.Diff(tc.wantSet, got); diff != "" {
if diff := cmp.Diff(tc.wantSet, got, tc.diffOpts...); diff != "" {
t.Errorf("setScript(%+v) mismatch (-want +got):\n%s\n\nraw output:\n%s\nquoted: %q", tc.config, diff, got, got)
}
@ -300,7 +411,7 @@ MINIKUBE_ACTIVE_DOCKERD
t.Errorf("unsetScript(%+v) error: %v", tc.config, err)
}
got = buf.String()
if diff := cmp.Diff(tc.wantUnset, got); diff != "" {
if diff := cmp.Diff(tc.wantUnset, got, tc.diffOpts...); diff != "" {
t.Errorf("unsetScript(%+v) mismatch (-want +got):\n%s\n\nraw output:\n%s\nquoted: %q", tc.config, diff, got, got)
}

135
cmd/minikube/cmd/image.go
View File

@ -144,6 +144,77 @@ var loadImageCmd = &cobra.Command{
},
}
func readFile(w io.Writer, tmp string) error {
r, err := os.Open(tmp)
if err != nil {
return err
}
_, err = io.Copy(w, r)
if err != nil {
return err
}
err = r.Close()
if err != nil {
return err
}
return nil
}
// saveImageCmd represents the image load command
var saveImageCmd = &cobra.Command{
Use: "save IMAGE [ARCHIVE | -]",
Short: "Save a image from minikube",
Long: "Save a image from minikube",
Example: "minikube image save image\nminikube image save image image.tar",
Run: func(cmd *cobra.Command, args []string) {
if len(args) == 0 {
exit.Message(reason.Usage, "Please provide an image in the container runtime to save from minikube via <minikube image save IMAGE_NAME>")
}
// Save images from container runtime
profile, err := config.LoadProfile(viper.GetString(config.ProfileName))
if err != nil {
exit.Error(reason.Usage, "loading profile", err)
}
if len(args) > 1 {
output = args[1]
if args[1] == "-" {
tmp, err := ioutil.TempFile("", "image.*.tar")
if err != nil {
exit.Error(reason.GuestImageSave, "Failed to get temp", err)
}
tmp.Close()
output = tmp.Name()
}
if err := machine.DoSaveImages([]string{args[0]}, output, []*config.Profile{profile}, ""); err != nil {
exit.Error(reason.GuestImageSave, "Failed to save image", err)
}
if args[1] == "-" {
err := readFile(os.Stdout, output)
if err != nil {
exit.Error(reason.GuestImageSave, "Failed to read temp", err)
}
os.Remove(output)
}
} else {
if err := machine.SaveAndCacheImages([]string{args[0]}, []*config.Profile{profile}); err != nil {
exit.Error(reason.GuestImageSave, "Failed to save image", err)
}
if imgDaemon || imgRemote {
image.UseDaemon(imgDaemon)
image.UseRemote(imgRemote)
err := image.UploadCachedImage(args[0])
if err != nil {
exit.Error(reason.GuestImageSave, "Failed to save image", err)
}
}
}
},
}
var removeImageCmd = &cobra.Command{
Use: "rm IMAGE [IMAGE...]",
Short: "Remove one or more images",
@ -165,6 +236,24 @@ $ minikube image unload image busybox
},
}
var pullImageCmd = &cobra.Command{
Use: "pull",
Short: "Pull images",
Example: `
$ minikube image pull busybox
`,
Run: func(cmd *cobra.Command, args []string) {
profile, err := config.LoadProfile(viper.GetString(config.ProfileName))
if err != nil {
exit.Error(reason.Usage, "loading profile", err)
}
if err := machine.PullImages(args, profile); err != nil {
exit.Error(reason.GuestImagePull, "Failed to pull images", err)
}
},
}
func createTar(dir string) (string, error) {
tar, err := docker.CreateTarStream(dir, dockerFile)
if err != nil {
@ -245,6 +334,46 @@ $ minikube image ls
},
}
var tagImageCmd = &cobra.Command{
Use: "tag",
Short: "Tag images",
Example: `
$ minikube image tag source target
`,
Aliases: []string{"list"},
Run: func(cmd *cobra.Command, args []string) {
if len(args) != 2 {
exit.Message(reason.Usage, "Please provide source and target image")
}
profile, err := config.LoadProfile(viper.GetString(config.ProfileName))
if err != nil {
exit.Error(reason.Usage, "loading profile", err)
}
if err := machine.TagImage(profile, args[0], args[1]); err != nil {
exit.Error(reason.GuestImageTag, "Failed to tag images", err)
}
},
}
var pushImageCmd = &cobra.Command{
Use: "push",
Short: "Push images",
Example: `
$ minikube image push busybox
`,
Run: func(cmd *cobra.Command, args []string) {
profile, err := config.LoadProfile(viper.GetString(config.ProfileName))
if err != nil {
exit.Error(reason.Usage, "loading profile", err)
}
if err := machine.PushImages(args, profile); err != nil {
exit.Error(reason.GuestImagePush, "Failed to push images", err)
}
},
}
func init() {
loadImageCmd.Flags().BoolVarP(&pull, "pull", "", false, "Pull the remote image (no caching)")
loadImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image from docker daemon")
@ -252,11 +381,17 @@ func init() {
loadImageCmd.Flags().BoolVar(&overwrite, "overwrite", true, "Overwrite image even if same image:tag name exists")
imageCmd.AddCommand(loadImageCmd)
imageCmd.AddCommand(removeImageCmd)
imageCmd.AddCommand(pullImageCmd)
buildImageCmd.Flags().StringVarP(&tag, "tag", "t", "", "Tag to apply to the new image (optional)")
buildImageCmd.Flags().BoolVarP(&push, "push", "", false, "Push the new image (requires tag)")
buildImageCmd.Flags().StringVarP(&dockerFile, "file", "f", "", "Path to the Dockerfile to use (optional)")
buildImageCmd.Flags().StringArrayVar(&buildEnv, "build-env", nil, "Environment variables to pass to the build. (format: key=value)")
buildImageCmd.Flags().StringArrayVar(&buildOpt, "build-opt", nil, "Specify arbitrary flags to pass to the build. (format: key=value)")
imageCmd.AddCommand(buildImageCmd)
saveImageCmd.Flags().BoolVar(&imgDaemon, "daemon", false, "Cache image to docker daemon")
saveImageCmd.Flags().BoolVar(&imgRemote, "remote", false, "Cache image to remote registry")
imageCmd.AddCommand(saveImageCmd)
imageCmd.AddCommand(listImageCmd)
imageCmd.AddCommand(tagImageCmd)
imageCmd.AddCommand(pushImageCmd)
}

13
cmd/minikube/cmd/mount.go
View File

@ -31,6 +31,7 @@ import (
"github.com/spf13/cobra"
"k8s.io/klog/v2"
"k8s.io/minikube/pkg/minikube/cluster"
"k8s.io/minikube/pkg/minikube/detect"
"k8s.io/minikube/pkg/minikube/driver"
"k8s.io/minikube/pkg/minikube/exit"
"k8s.io/minikube/pkg/minikube/mustload"
@ -111,7 +112,19 @@ var mountCmd = &cobra.Command{
var ip net.IP
var err error
if mountIP == "" {
if detect.IsMicrosoftWSL() {
klog.Infof("Selecting IP for WSL. This may be incorrect...")
ip, err = func() (net.IP, error) {
conn, err := net.Dial("udp", "8.8.8.8:80")
if err != nil {
return nil, err
}
defer conn.Close()
return conn.LocalAddr().(*net.UDPAddr).IP, nil
}()
} else {
ip, err = cluster.HostIP(co.CP.Host, co.Config.Name)
}
if err != nil {
exit.Error(reason.IfHostIP, "Error getting the host IP address to use from within the VM", err)
}

12
cmd/minikube/cmd/start_flags.go
View File

@ -35,6 +35,7 @@ import (
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/constants"
"k8s.io/minikube/pkg/minikube/cruntime"
"k8s.io/minikube/pkg/minikube/detect"
"k8s.io/minikube/pkg/minikube/download"
"k8s.io/minikube/pkg/minikube/driver"
"k8s.io/minikube/pkg/minikube/exit"
@ -480,6 +481,17 @@ func generateNewConfigFromFlags(cmd *cobra.Command, k8sVersion string, drvName s
cc.ContainerVolumeMounts = []string{viper.GetString(mountString)}
}
if detect.IsCloudShell() {
err := cc.KubernetesConfig.ExtraOptions.Set("kubelet.cgroups-per-qos=false")
if err != nil {
exit.Error(reason.InternalConfigSet, "failed to set cloud shell kubelet config options", err)
}
err = cc.KubernetesConfig.ExtraOptions.Set("kubelet.enforce-node-allocatable=\"\"")
if err != nil {
exit.Error(reason.InternalConfigSet, "failed to set cloud shell kubelet config options", err)
}
}
return cc
}

2
cmd/minikube/cmd/tunnel.go
View File

@ -86,7 +86,7 @@ var tunnelCmd = &cobra.Command{
sshPort := strconv.Itoa(port)
sshKey := filepath.Join(localpath.MiniPath(), "machines", cname, "id_rsa")
kicSSHTunnel := kic.NewSSHTunnel(ctx, sshPort, sshKey, clientset.CoreV1())
kicSSHTunnel := kic.NewSSHTunnel(ctx, sshPort, sshKey, clientset.CoreV1(), clientset.NetworkingV1())
err = kicSSHTunnel.Start()
if err != nil {
exit.Error(reason.SvcTunnelStart, "error starting tunnel", err)

25
cmd/minikube/cmd/version.go
View File

@ -19,6 +19,7 @@ package cmd
import (
"encoding/json"
"os/exec"
"sort"
"strings"
"github.com/spf13/cobra"
@ -53,13 +54,14 @@ var versionCmd = &cobra.Command{
co := mustload.Running(ClusterFlagValue())
runner := co.CP.Runner
versionCMDS := map[string]*exec.Cmd{
"docker": exec.Command("docker", "version", "--format={{.Client.Version}}"),
"docker": exec.Command("docker", "--version"),
"dockerd": exec.Command("dockerd", "--version"),
"containerd": exec.Command("containerd", "--version"),
"crio": exec.Command("crio", "version"),
"podman": exec.Command("sudo", "podman", "version"),
"crictl": exec.Command("sudo", "crictl", "version"),
"crio": exec.Command("crio", "--version"),
"podman": exec.Command("sudo", "podman", "--version"),
"crictl": exec.Command("sudo", "crictl", "--version"),
"buildctl": exec.Command("buildctl", "--version"),
"ctr": exec.Command("sudo", "ctr", "version"),
"ctr": exec.Command("ctr", "--version"),
"runc": exec.Command("runc", "--version"),
}
for k, v := range versionCMDS {
@ -68,7 +70,10 @@ var versionCmd = &cobra.Command{
klog.Warningf("error getting %s's version: %v", k, err)
data[k] = "error"
} else {
data[k] = strings.TrimSpace(rr.Stdout.String())
version := rr.Stdout.String()
// remove extra lines after the version
version = strings.Split(version, "\n")[0]
data[k] = strings.TrimSpace(version)
}
}
@ -82,7 +87,13 @@ var versionCmd = &cobra.Command{
if gitCommitID != "" {
out.Ln("commit: %v", gitCommitID)
}
for k, v := range data {
keys := make([]string, 0, len(data))
for k := range data {
keys = append(keys, k)
}
sort.Strings(keys)
for _, k := range keys {
v := data[k]
// for backward compatibility we keep displaying the old way for these two
if k == "minikubeVersion" || k == "commit" {
continue

2
deploy/addons/ambassador/ambassador-operator-crds.yaml.tmpl
View File

@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ambassadorinstallations.getambassador.io

3
deploy/addons/gcp-auth/gcp-auth-service.yaml.tmpl
View File

@ -19,7 +19,8 @@ metadata:
namespace: gcp-auth
spec:
ports:
- port: 443
- name: https
port: 443
targetPort: 8443
protocol: TCP
selector:

6
deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl → deploy/addons/gcp-auth/gcp-auth-webhook.yaml.tmpl
View File

@ -68,7 +68,7 @@ spec:
serviceAccountName: minikube-gcp-auth-certs
containers:
- name: create
image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen }}{{.Images.KubeWebhookCertgen}}
image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen}}{{.Images.KubeWebhookCertgen}}
imagePullPolicy: IfNotPresent
args:
- create
@ -94,7 +94,7 @@ spec:
spec:
containers:
- name: gcp-auth
image: {{.CustomRegistries.GCPAuthWebhook | default .ImageRepository | default .Registries.GCPAuthWebhook }}{{.Images.GCPAuthWebhook}}
image: {{.CustomRegistries.GCPAuthWebhook | default .ImageRepository | default .Registries.GCPAuthWebhook}}{{.Images.GCPAuthWebhook}}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8443
@ -127,7 +127,7 @@ spec:
serviceAccountName: minikube-gcp-auth-certs
containers:
- name: patch
image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen }}{{.Images.KubeWebhookCertgen}}
image: {{.CustomRegistries.KubeWebhookCertgen | default .ImageRepository | default .Registries.KubeWebhookCertgen}}{{.Images.KubeWebhookCertgen}}
imagePullPolicy: IfNotPresent
args:
- patch

3
deploy/addons/ingress-dns/example/example.yaml
View File

@ -38,6 +38,9 @@ kind: Ingress
metadata:
name: example-ingress
namespace: kube-system
annotations:
# use the shared ingress-nginx
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: hello-john.test

8
deploy/addons/ingress-dns/ingress-dns-pod.yaml.tmpl
View File

@ -22,9 +22,8 @@ metadata:
app: minikube-ingress-dns
kubernetes.io/bootstrapping: rbac-defaults
app.kubernetes.io/part-of: kube-system
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: minikube-ingress-dns
@ -33,7 +32,6 @@ metadata:
app: minikube-ingress-dns
kubernetes.io/bootstrapping: rbac-defaults
app.kubernetes.io/part-of: kube-system
addonmanager.kubernetes.io/mode: Reconcile
gcp-auth-skip-secret: "true"
rules:
- apiGroups:
@ -47,7 +45,7 @@ rules:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: minikube-ingress-dns
@ -56,7 +54,6 @@ metadata:
app: minikube-ingress-dns
kubernetes.io/bootstrapping: rbac-defaults
app.kubernetes.io/part-of: kube-system
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
@ -74,7 +71,6 @@ metadata:
labels:
app: minikube-ingress-dns
app.kubernetes.io/part-of: kube-system
addonmanager.kubernetes.io/mode: Reconcile
spec:
serviceAccountName: minikube-ingress-dns
hostNetwork: true

58
deploy/addons/ingress/ingress-configmap.yaml.tmpl
View File

@ -1,58 +0,0 @@
# Copyright 2016 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
addonmanager.kubernetes.io/mode: Reconcile
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: EnsureExists
name: ingress-nginx-controller
namespace: ingress-nginx
data:
# see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description
hsts: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: EnsureExists
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: EnsureExists

632
deploy/addons/ingress/ingress-deploy.yaml.tmpl Normal file
View File

@ -0,0 +1,632 @@
# Copyright 2021 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
---
# Source: ingress-nginx/templates/controller-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
automountServiceAccountToken: true
---
# Source: ingress-nginx/templates/controller-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
data:
# see https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/configmap.md for all possible options and their description
hsts: "false"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tcp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
apiVersion: v1
kind: ConfigMap
metadata:
name: udp-services
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
name: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
# Source: ingress-nginx/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
name: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.14+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
# Source: ingress-nginx/templates/controller-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/controller-service-webhook.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
type: ClusterIP
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-service.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
# Source: ingress-nginx/templates/controller-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
revisionHistoryLimit: 10
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
gcp-auth-skip-secret: "true"
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController}}{{.Images.IngressController}}
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --election-id=ingress-controller-leader
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --report-node-internal-ip-address
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
{{- if .CustomIngressCert}}
- --default-ssl-certificate={{ .CustomIngressCert }}
{{- end}}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
livenessProbe:
failureThreshold: 5
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
ports:
- name: http
containerPort: 80
protocol: TCP
hostPort: 80
- name: https
containerPort: 443
protocol: TCP
hostPort: 443
- name: webhook
containerPort: 8443
protocol: TCP
volumeMounts:
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
resources:
requests:
cpu: 100m
memory: 90Mi
serviceAccountName: ingress-nginx
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
# Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
# before changing this value, check the required kubernetes version
# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
# Currently(v0.49.0), ValidatingWebhookConfiguration of this validates v1beta1 request
# TODO(govargo): check this after upstream ingress-nginx can validate v1 version
# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.49.0/internal/admission/controller/main.go#L46-L52
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
name: ingress-nginx-admission
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- {{.IngressAPIVersion}}
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: Fail
sideEffects: None
admissionReviewVersions:
{{- if eq .IngressAPIVersion "v1beta1"}}
- v1
{{- end}}
- {{.IngressAPIVersion}}
clientConfig:
service:
namespace: ingress-nginx
name: ingress-nginx-controller-admission
path: /networking/{{.IngressAPIVersion}}/ingresses
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
namespace: ingress-nginx
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-nginx-admission
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx-admission
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx-admission
namespace: ingress-nginx
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- create
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx-admission
namespace: ingress-nginx
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-create
namespace: ingress-nginx
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
spec:
template:
metadata:
name: ingress-nginx-admission-create
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: create
image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}}
imagePullPolicy: IfNotPresent
args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
# Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-patch
namespace: ingress-nginx
annotations:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
spec:
template:
metadata:
name: ingress-nginx-admission-patch
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
spec:
containers:
- name: patch
image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}}
imagePullPolicy: IfNotPresent
args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000

299
deploy/addons/ingress/ingress-dp.yaml.tmpl
View File

@ -1,299 +0,0 @@
# Copyright 2016 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx-controller-admission
namespace: ingress-nginx
spec:
type: ClusterIP
ports:
- name: https-webhook
port: 443
targetPort: webhook
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
type: NodePort
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
spec:
selector:
matchLabels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
revisionHistoryLimit: 10
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
minReadySeconds: 0
template:
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
gcp-auth-skip-secret: "true"
spec:
dnsPolicy: ClusterFirst
containers:
- name: controller
image: {{.CustomRegistries.IngressController | default .ImageRepository | default .Registries.IngressController }}{{.Images.IngressController}}
imagePullPolicy: IfNotPresent
lifecycle:
preStop:
exec:
command:
- /wait-shutdown
args:
- /nginx-ingress-controller
- --ingress-class=nginx
- --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
- --report-node-internal-ip-address
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --validating-webhook=:8443
- --validating-webhook-certificate=/usr/local/certificates/cert
- --validating-webhook-key=/usr/local/certificates/key
{{if .CustomIngressCert}}
- --default-ssl-certificate={{ .CustomIngressCert }}
{{end}}
securityContext:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsUser: 101
allowPrivilegeEscalation: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: LD_PRELOAD
value: /usr/local/lib/libmimalloc.so
livenessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 5
readinessProbe:
httpGet:
path: /healthz
port: 10254
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
ports:
- name: http
containerPort: 80
protocol: TCP
hostPort: 80
- name: https
containerPort: 443
protocol: TCP
hostPort: 443
- name: webhook
containerPort: 8443
protocol: TCP
volumeMounts:
- name: webhook-cert
mountPath: /usr/local/certificates/
readOnly: true
resources:
requests:
cpu: 100m
memory: 90Mi
serviceAccountName: ingress-nginx
volumes:
- name: webhook-cert
secret:
secretName: ingress-nginx-admission
---
# Currently(v0.44.0), ValidatingWebhookConfiguration of this validates v1beta1 request
# TODO(govargo): check this after upstream ingress-nginx can validate v1 version
# https://github.com/kubernetes/ingress-nginx/blob/controller-v0.44.0/internal/admission/controller/main.go#L46-L52
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx-admission
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- ingresses
failurePolicy: Fail
sideEffects: None
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
namespace: ingress-nginx
name: ingress-nginx-controller-admission
path: /networking/v1beta1/ingresses
---
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-create
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-create
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
spec:
containers:
- name: create
image: {{.CustomRegistries.KubeWebhookCertgenCreate | default .ImageRepository | default .Registries.KubeWebhookCertgenCreate }}{{.Images.KubeWebhookCertgenCreate}}
imagePullPolicy: IfNotPresent
args:
- create
- --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name=ingress-nginx-admission
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000
---
apiVersion: batch/v1
kind: Job
metadata:
name: ingress-nginx-admission-patch
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
spec:
template:
metadata:
name: ingress-nginx-admission-patch
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
spec:
containers:
- name: patch
image: {{.CustomRegistries.KubeWebhookCertgenPatch | default .ImageRepository | default .Registries.KubeWebhookCertgenPatch }}{{.Images.KubeWebhookCertgenPatch}}
imagePullPolicy: IfNotPresent
args:
- patch
- --webhook-name=ingress-nginx-admission
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name=ingress-nginx-admission
- --patch-failure-policy=Fail
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
restartPolicy: OnFailure
serviceAccountName: ingress-nginx-admission
securityContext:
runAsNonRoot: true
runAsUser: 2000

283
deploy/addons/ingress/ingress-rbac.yaml.tmpl
View File

@ -1,283 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- configmaps
- endpoints
- nodes
- pods
- secrets
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- nodes
verbs:
- get
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.18+
resources:
- ingressclasses
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
addonmanager.kubernetes.io/mode: Reconcile
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- namespaces
verbs:
- get
- apiGroups:
- ''
resources:
- configmaps
- pods
- secrets
- endpoints
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io # k8s 1.14+
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io # k8s 1.18+
resources:
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- ingress-controller-leader-nginx
verbs:
- get
- update
- apiGroups:
- ''
resources:
- configmaps
verbs:
- create
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: controller
addonmanager.kubernetes.io/mode: Reconcile
name: ingress-nginx
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx
subjects:
- kind: ServiceAccount
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx-admission
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ingress-nginx-admission
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ingress-nginx-admission
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ingress-nginx-admission
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
rules:
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ingress-nginx-admission
labels:
app.kubernetes.io/name: ingress-nginx
app.kubernetes.io/instance: ingress-nginx
app.kubernetes.io/component: admission-webhook
addonmanager.kubernetes.io/mode: Reconcile
namespace: ingress-nginx
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
name: ingress-nginx-admission
namespace: ingress-nginx

2
deploy/addons/istio-provisioner/istio-operator.yaml.tmpl
View File

@ -8,7 +8,7 @@ metadata:
addonmanager.kubernetes.io/mode: EnsureExists
...
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: istiooperators.install.istio.io

8472
deploy/addons/olm/crds.yaml.tmpl
View File

File diff suppressed because it is too large Load Diff

31
deploy/addons/olm/olm.yaml.tmpl
View File

@ -1,4 +1,4 @@
# Copyright 2016 The Kubernetes Authors All rights reserved.
# Copyright 2021 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -12,6 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# ref: https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.18.3/olm.yaml
---
apiVersion: v1
kind: Namespace
@ -82,7 +84,7 @@ spec:
- $(OPERATOR_NAMESPACE)
- --writeStatusName
- ""
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}}
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
@ -99,7 +101,6 @@ spec:
port: 8080
terminationMessagePolicy: FallbackToLogsOnError
env:
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
@ -110,8 +111,6 @@ spec:
requests:
cpu: 10m
memory: 160Mi
nodeSelector:
kubernetes.io/os: linux
---
@ -144,8 +143,8 @@ spec:
- olm
- -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest
- -util-image
- {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}}
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}}
- {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}}
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}}
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
@ -161,14 +160,10 @@ spec:
path: /healthz
port: 8080
terminationMessagePolicy: FallbackToLogsOnError
env:
resources:
requests:
cpu: 10m
memory: 80Mi
nodeSelector:
kubernetes.io/os: linux
---
@ -224,7 +219,7 @@ metadata:
name: packageserver
namespace: olm
labels:
olm.version: 0.17.0
olm.version: 0.18.3
spec:
displayName: Package Server
description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion.
@ -288,6 +283,9 @@ spec:
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 1
replicas: 2
selector:
matchLabels:
@ -309,7 +307,7 @@ spec:
- "5443"
- --global-namespace
- olm
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM }}{{.Images.OLM}}
image: {{.CustomRegistries.OLM | default .ImageRepository | default .Registries.OLM}}{{.Images.OLM}}
imagePullPolicy: Always
ports:
- containerPort: 5443
@ -337,7 +335,7 @@ spec:
- name: tmpfs
emptyDir: {}
maturity: alpha
version: 0.17.0
version: 0.18.3
apiservicedefinitions:
owned:
- group: packages.operators.coreos.com
@ -356,6 +354,9 @@ metadata:
namespace: olm
spec:
sourceType: grpc
image: {{.CustomRegistries.UpstreamCommunityOperators | default .ImageRepository | default .Registries.UpstreamCommunityOperators }}{{.Images.UpstreamCommunityOperators}}
image: {{.CustomRegistries.UpstreamCommunityOperators | default .ImageRepository | default .Registries.UpstreamCommunityOperators}}{{.Images.UpstreamCommunityOperators}}
displayName: Community Operators
publisher: OperatorHub.io
updateStrategy:
registryPoll:
interval: 60m

78
deploy/iso/minikube-iso/board/coreos/minikube/patches/go/1.15.15/dist-generate-stub-go.mod-in-workdir.patch Normal file
View File

@ -0,0 +1,78 @@
From 2b512af2ddaae01926fdcc9056b71017cac2a8d2 Mon Sep 17 00:00:00 2001
From: Tamir Duberstein <tamird@google.com>
Date: Thu, 25 Feb 2021 16:44:46 -0500
Subject: [PATCH] dist: generate stub go.mod in workdir
(cherry picked from commit c6374f516206c02b905d0d76ee1a66dab6fcd212)
---
src/cmd/dist/build.go | 26 ++++++--------------------
1 file changed, 6 insertions(+), 20 deletions(-)
diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
index 9e2b4f33b8..e5a7f9e9c4 100644
--- a/src/cmd/dist/build.go
+++ b/src/cmd/dist/build.go
@@ -110,9 +110,6 @@ func xinit() {
fatalf("$GOROOT must be set")
}
goroot = filepath.Clean(b)
- if modRoot := findModuleRoot(goroot); modRoot != "" {
- fatalf("found go.mod file in %s: $GOROOT must not be inside a module", modRoot)
- }
b = os.Getenv("GOROOT_FINAL")
if b == "" {
@@ -244,6 +241,9 @@ func xinit() {
os.Setenv("LANGUAGE", "en_US.UTF8")
workdir = xworkdir()
+ if err := ioutil.WriteFile(pathf("%s/go.mod", workdir), []byte("module bootstrap"), 0666); err != nil {
+ fatalf("cannot write stub go.mod: %s", err)
+ }
xatexit(rmworkdir)
tooldir = pathf("%s/pkg/tool/%s_%s", goroot, gohostos, gohostarch)
@@ -1484,11 +1484,11 @@ func goCmd(goBinary string, cmd string, args ...string) {
goCmd = append(goCmd, "-p=1")
}
- run(goroot, ShowOutput|CheckExit, append(goCmd, args...)...)
+ run(workdir, ShowOutput|CheckExit, append(goCmd, args...)...)
}
func checkNotStale(goBinary string, targets ...string) {
- out := run(goroot, CheckExit,
+ out := run(workdir, CheckExit,
append([]string{
goBinary,
"list", "-gcflags=all=" + gogcflags, "-ldflags=all=" + goldflags,
@@ -1498,7 +1498,7 @@ func checkNotStale(goBinary string, targets ...string) {
os.Setenv("GODEBUG", "gocachehash=1")
for _, target := range []string{"runtime/internal/sys", "cmd/dist", "cmd/link"} {
if strings.Contains(out, "STALE "+target) {
- run(goroot, ShowOutput|CheckExit, goBinary, "list", "-f={{.ImportPath}} {{.Stale}}", target)
+ run(workdir, ShowOutput|CheckExit, goBinary, "list", "-f={{.ImportPath}} {{.Stale}}", target)
break
}
}
@@ -1590,20 +1590,6 @@ func checkCC() {
}
}
-func findModuleRoot(dir string) (root string) {
- for {
- if fi, err := os.Stat(filepath.Join(dir, "go.mod")); err == nil && !fi.IsDir() {
- return dir
- }
- d := filepath.Dir(dir)
- if d == dir {
- break
- }
- dir = d
- }
- return ""
-}
-
func defaulttarg() string {
// xgetwd might return a path with symlinks fully resolved, and if
// there happens to be symlinks in goroot, then the hasprefix test

2
deploy/iso/minikube-iso/board/coreos/minikube/rootfs-overlay/etc/sysctl.d/90-cilium-rp_filter.conf Normal file
View File

@ -0,0 +1,2 @@
net.ipv4.conf.lxc*.rp_filter = 0
net.ipv4.conf.cilium_*.rp_filter = 0

8
deploy/iso/minikube-iso/configs/minikube_defconfig
View File

@ -18,13 +18,12 @@ BR2_ROOTFS_USERS_TABLES="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/use
BR2_ROOTFS_OVERLAY="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/rootfs-overlay"
BR2_LINUX_KERNEL=y
BR2_LINUX_KERNEL_CUSTOM_VERSION=y
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.182"
BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE="4.19.202"
BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
BR2_LINUX_KERNEL_CUSTOM_CONFIG_FILE="$(BR2_EXTERNAL_MINIKUBE_PATH)/board/coreos/minikube/linux_defconfig"
BR2_LINUX_KERNEL_LZ4=y
BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
BR2_PACKAGE_GZIP=y
BR2_PACKAGE_LZ4=y
BR2_PACKAGE_XZ=y
BR2_PACKAGE_STRACE=y
BR2_PACKAGE_SYSDIG=y
@ -37,6 +36,9 @@ BR2_PACKAGE_SSHFS=y
BR2_PACKAGE_XFSPROGS=y
BR2_PACKAGE_PARTED=y
BR2_PACKAGE_SYSSTAT=y
BR2_PACKAGE_LUAJIT=y
BR2_PACKAGE_LZ4=y
BR2_PACKAGE_LZ4_PROGS=y
BR2_PACKAGE_CA_CERTIFICATES=y
BR2_PACKAGE_LIBOPENSSL_BIN=y
BR2_PACKAGE_LIBCURL_CURL=y
@ -58,7 +60,9 @@ BR2_PACKAGE_PSMISC=y
BR2_PACKAGE_SYSTEMD_LOGIND=y
BR2_PACKAGE_SYSTEMD_MACHINED=y
BR2_PACKAGE_TAR=y
BR2_PACKAGE_UTIL_LINUX_BINARIES=y
BR2_PACKAGE_UTIL_LINUX_LOSETUP=y
BR2_PACKAGE_UTIL_LINUX_NOLOGIN=y
BR2_PACKAGE_UTIL_LINUX_NSENTER=y
BR2_PACKAGE_UTIL_LINUX_SCHEDUTILS=y
BR2_TARGET_ROOTFS_CPIO_GZIP=y

1
deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.hash
View File

@ -2,3 +2,4 @@ sha256 33bcaa49b31bc3a277ac75d32fce3f5442d39f53a1799b8624e985279b579f74 buildki
sha256 28005748fae926edf8c93b7cb1df53ec49df65dec67105b94e7fb9c513fa78a4 buildkit-v0.8.0.linux-amd64.tar.gz
sha256 e0438a701d4192f80b2211b0a333984ee4f097c547904e40fc941daad57fe153 buildkit-v0.8.1.linux-amd64.tar.gz
sha256 d6d1ebc68806e626f31dd4ea17a406a93dcff14763971cd91b28cbaf3bfffcd4 buildkit-v0.8.2.linux-amd64.tar.gz
sha256 1b307268735c8f8e68b55781a6f4c03af38acc1bc29ba39ebaec6d422bccfb25 buildkit-v0.9.0.linux-amd64.tar.gz

4
deploy/iso/minikube-iso/package/buildkit-bin/buildkit-bin.mk
View File

@ -4,8 +4,8 @@
#
################################################################################
BUILDKIT_BIN_VERSION = v0.8.2
BUILDKIT_BIN_COMMIT = 9065b18ba4633c75862befca8188de4338d9f94a
BUILDKIT_BIN_VERSION = v0.9.0
BUILDKIT_BIN_COMMIT = c8bb937807d405d92be91f06ce2629e6202ac7a9
BUILDKIT_BIN_SITE = https://github.com/moby/buildkit/releases/download/$(BUILDKIT_BIN_VERSION)
BUILDKIT_BIN_SOURCE = buildkit-$(BUILDKIT_BIN_VERSION).linux-amd64.tar.gz

2
deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.hash
View File

@ -9,3 +9,5 @@ sha256 d30d59e143697aa4f0960205b3f5ac59c573b332f20507740ef2dc0fb5ae8ded v1.3.7.t
sha256 9244212589c84b12262769dca6fb985c0c680cb5259c8904b29c511d81fd62d0 v1.3.9.tar.gz
sha256 bc6d9452c700af0ebc09c0da8ddba55be4c03ac8928e72ca92d98905800c8018 v1.4.3.tar.gz
sha256 ac62c64664bf62fd44df0891c896eecdb6d93def3438271d7892dca75bc069d1 v1.4.4.tar.gz
sha256 285a3f4c00a87538bd7d0a82a0a8a758458c02b925349f44f3189f480c326038 v1.4.6.tar.gz
sha256 3bb9f54be022067847f5930d21ebbfe4e7a67f589d78930aa0ac713492c28bcc v1.4.9.tar.gz

4
deploy/iso/minikube-iso/package/containerd-bin/containerd-bin.mk
View File

@ -3,8 +3,8 @@
# containerd
#
################################################################################
CONTAINERD_BIN_VERSION = v1.4.4
CONTAINERD_BIN_COMMIT = 05f951a3781f4f2c1911b05e61c160e9c30eaa8e
CONTAINERD_BIN_VERSION = v1.4.9
CONTAINERD_BIN_COMMIT = e25210fe30a0a703442421b0f60afac609f950a3
CONTAINERD_BIN_SITE = https://github.com/containerd/containerd/archive
CONTAINERD_BIN_SOURCE = $(CONTAINERD_BIN_VERSION).tar.gz
CONTAINERD_BIN_DEPENDENCIES = host-go libgpgme

2
deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.hash
View File

@ -5,3 +5,5 @@ sha256 19fed421710fccfe58f5573383bb137c19438a9056355556f1a15da8d23b3ad1 crictl-
sha256 7b72073797f638f099ed19550d52e9b9067672523fc51b746e65d7aa0bafa414 crictl-v1.17.0-linux-amd64.tar.gz
sha256 876dd2b3d0d1c2590371f940fb1bf1fbd5f15aebfbe456703ee465d959700f4a crictl-v1.18.0-linux-amd64.tar.gz
sha256 87d8ef70b61f2fe3d8b4a48f6f712fd798c6e293ed3723c1e4bbb5052098f0ae crictl-v1.19.0-linux-amd64.tar.gz
sha256 44d5f550ef3f41f9b53155906e0229ffdbee4b19452b4df540265e29572b899c crictl-v1.20.0-linux-amd64.tar.gz
sha256 85c78a35584971625bf1c3bcd46e5404a90396f979d7586f18b11119cb623e24 crictl-v1.21.0-linux-amd64.tar.gz

2
deploy/iso/minikube-iso/package/crictl-bin/crictl-bin.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
CRICTL_BIN_VERSION = v1.19.0
CRICTL_BIN_VERSION = v1.21.0
CRICTL_BIN_SITE = https://github.com/kubernetes-sigs/cri-tools/releases/download/$(CRICTL_BIN_VERSION)
CRICTL_BIN_SOURCE = crictl-$(CRICTL_BIN_VERSION)-linux-amd64.tar.gz
CRICTL_BIN_STRIP_COMPONENTS = 0

2
deploy/iso/minikube-iso/package/docker-bin/docker-bin.hash
View File

@ -30,3 +30,5 @@ sha256 47065a47f0692cd5af03073c7386fe090d9ef5ac88a7d8455a884d8e15809be5 docker-
sha256 6ec28b6a251e093f5cf32569c4bfce4821eda02923b33c060694e6ca2c851daa docker-20.10.4.tgz
sha256 3f18edc66e1faae607d428349e77f9800bdea554528521f0f6c49fc3f1de6abf docker-20.10.5.tgz
sha256 e3b6c3b11518281a51fb0eee73138482b83041e908f01adf8abd3a24b34ea21e docker-20.10.6.tgz
sha256 34ad50146fce29b28e5115a1e8510dd5232459c9a4a9f28f65909f92cca314d9 docker-20.10.7.tgz
sha256 7ea11ecb100fdc085dbfd9ab1ff380e7f99733c890ed815510a5952e5d6dd7e0 docker-20.10.8.tgz

2
deploy/iso/minikube-iso/package/docker-bin/docker-bin.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
DOCKER_BIN_VERSION = 20.10.6
DOCKER_BIN_VERSION = 20.10.8
DOCKER_BIN_SITE = https://download.docker.com/linux/static/stable/x86_64
DOCKER_BIN_SOURCE = docker-$(DOCKER_BIN_VERSION).tgz

2
deploy/iso/minikube-iso/package/runc-master/runc-master.hash
View File

@ -9,3 +9,5 @@ sha256 4ffe8323397d85dda7d5875fa6bdaf3f8c93592c1947dfa24a034719dc6f728e d736ef14
sha256 defe87a5f15edc54288d3261f5be28219b9b9d904d98c6020eb2e45400a04fb2 dc9208a3303feef5b3839f4323d9beb36df0a9dd.tar.gz
sha256 bfcbbcb12664d5f8c1b794f37a457a8db53291c82be5a3157d8efb91aab193bf ff819c7e9184c13b7c2607fe6c30ae19403a7aff.tar.gz
sha256 144973344b73627b5f69aa88b9e6655d692447ec317a0d5fa9777496a8ac186e 12644e614e25b05da6fd08a38ffa0cfe1903fdec.tar.gz
sha256 821ff8629329b4b7e4ccf24b5bf369c9739887736be30ba06a0d8053eb0e0b23 b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7.tar.gz
sha256 50cc479cabf6e7edb9070a7c28b3460b0acc2a01650fc5934f5037cb96b9e2cf 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7.tar.gz

4
deploy/iso/minikube-iso/package/runc-master/runc-master.mk
View File

@ -4,8 +4,8 @@
#
################################################################################
# As of 2021-02-03, v1.0.0-rc93
RUNC_MASTER_VERSION = 12644e614e25b05da6fd08a38ffa0cfe1903fdec
# As of 2021-07-16, v1.0.1
RUNC_MASTER_VERSION = 4144b63817ebcc5b358fc2c8ef95f7cddd709aa7
RUNC_MASTER_SITE = https://github.com/opencontainers/runc/archive
RUNC_MASTER_SOURCE = $(RUNC_MASTER_VERSION).tar.gz
RUNC_MASTER_LICENSE = Apache-2.0

2
deploy/kicbase/Dockerfile
View File

@ -29,7 +29,7 @@ RUN cd ./cmd/auto-pause/ && go build
# for a kubernetes node image, it doesn't contain much we don't need
FROM ubuntu:focal-20210401
ARG BUILDKIT_VERSION="v0.8.2"
ARG BUILDKIT_VERSION="v0.9.0"
# copy in static files (configs, scripts)
COPY deploy/kicbase/10-network-security.conf /etc/sysctl.d/10-network-security.conf

32
go.mod
View File

@ -5,7 +5,8 @@ go 1.16
require (
cloud.google.com/go/storage v1.15.0
contrib.go.opencensus.io/exporter/stackdriver v0.12.1
github.com/Delta456/box-cli-maker/v2 v2.2.1
github.com/Delta456/box-cli-maker/v2 v2.2.2
github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0
github.com/Microsoft/hcsshim v0.8.17 // indirect
github.com/Parallels/docker-machine-parallels/v2 v2.0.1
@ -15,23 +16,22 @@ require (
github.com/c4milo/gotoolkit v0.0.0-20190525173301-67483a18c17a // indirect
github.com/cenkalti/backoff/v4 v4.1.1
github.com/cheggaaa/pb/v3 v3.0.8
github.com/cloudevents/sdk-go/v2 v2.3.1
github.com/cloudevents/sdk-go/v2 v2.5.0
github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21
github.com/cloudfoundry/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 // indirect
github.com/docker/cli v0.0.0-20200303162255-7d407207c304 // indirect
github.com/docker/docker v20.10.7+incompatible
github.com/docker/go-units v0.4.0
github.com/docker/machine v0.16.2
github.com/elazarl/goproxy v0.0.0-20210110162100-a92cc753f88e
github.com/golang-collections/collections v0.0.0-20130729185459-604e922904d3
github.com/google/go-cmp v0.5.6
github.com/google/go-containerregistry v0.4.1
github.com/google/go-containerregistry v0.6.0
github.com/google/go-github/v36 v36.0.0
github.com/google/slowjam v1.0.0
github.com/google/uuid v1.3.0
github.com/gookit/color v1.4.2 // indirect
github.com/hashicorp/go-getter v1.5.5
github.com/hashicorp/go-getter v1.5.7
github.com/hashicorp/go-retryablehttp v0.7.0
github.com/hashicorp/golang-lru v0.5.3 // indirect
github.com/hectane/go-acl v0.0.0-20190604041725-da78bae5fc95 // indirect
github.com/hooklift/assert v0.0.0-20170704181755-9d1defd6d214 // indirect
github.com/hooklift/iso9660 v0.0.0-20170318115843-1cf07e5970d8
@ -52,7 +52,6 @@ require (
github.com/machine-drivers/docker-machine-driver-vmware v0.1.3
github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24
github.com/mattn/go-isatty v0.0.13
github.com/mattn/go-runewidth v0.0.13 // indirect
github.com/mitchellh/go-ps v1.0.0
github.com/moby/hyperkit v0.0.0-20210108224842-2f061e447e14
github.com/moby/sys/mount v0.2.0 // indirect
@ -67,7 +66,7 @@ require (
github.com/pmezard/go-difflib v1.0.0
github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6 // indirect
github.com/samalba/dockerclient v0.0.0-20160414174713-91d7393ff859 // indirect
github.com/shirou/gopsutil/v3 v3.21.6
github.com/shirou/gopsutil/v3 v3.21.7
github.com/spf13/cobra v1.2.1
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.8.1
@ -80,21 +79,21 @@ require (
golang.org/x/build v0.0.0-20190927031335-2835ba2e683f
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2
golang.org/x/exp v0.0.0-20210220032938-85be41e4509f
golang.org/x/mod v0.4.2
golang.org/x/mod v0.5.0
golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf
golang.org/x/term v0.0.0-20210406210042-72f3dc4e9b72
golang.org/x/text v0.3.6
golang.org/x/text v0.3.7
gonum.org/v1/plot v0.9.0
google.golang.org/api v0.51.0
google.golang.org/api v0.52.0
gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22 // indirect
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.21.3
k8s.io/apimachinery v0.21.3
k8s.io/client-go v0.21.3
k8s.io/api v0.22.1
k8s.io/apimachinery v0.22.0
k8s.io/client-go v0.22.0
k8s.io/klog/v2 v2.10.0
k8s.io/kubectl v0.21.3
k8s.io/kubectl v0.22.1
k8s.io/kubernetes v1.21.3
sigs.k8s.io/sig-storage-lib-external-provisioner/v6 v6.3.0
)
@ -103,7 +102,6 @@ replace (
git.apache.org/thrift.git => github.com/apache/thrift v0.0.0-20180902110319-2566ecd5d999
github.com/briandowns/spinner => github.com/alonyb/spinner v1.12.7
github.com/docker/machine => github.com/machine-drivers/machine v0.7.1-0.20210719174735-6eca26732baa
github.com/google/go-containerregistry => github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1
github.com/samalba/dockerclient => github.com/sayboras/dockerclient v1.0.0
k8s.io/api => k8s.io/api v0.21.2
k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.21.2

111
go.sum
View File

@ -24,8 +24,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb
cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY=
cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM=
cloud.google.com/go v0.87.0 h1:8ZtzmY4a2JIO2sljMbpqkDYxA8aJQveYr3AMa+X40oc=
cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY=
cloud.google.com/go v0.88.0 h1:MZ2cf9Elnv1wqccq8ooKO2MqHQLc+ChCp/+QWObCpxg=
cloud.google.com/go v0.88.0/go.mod h1:dnKwfYbP9hQhefiUvpbcAyoGSHUrOxR20JVElLiUvEY=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
@ -68,8 +68,10 @@ github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZ
github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
github.com/Delta456/box-cli-maker/v2 v2.2.1 h1:uTcuvT6Ty+LBHuRUdFrJBpqP9RhtLxI5+5ZpKYAUuVw=
github.com/Delta456/box-cli-maker/v2 v2.2.1/go.mod h1:R7jxZHK2wGBR2Luz/Vgi8jP5fz1ljUXgu2o2JQNmvFU=
github.com/Delta456/box-cli-maker/v2 v2.2.2 h1:CpSLcPgi5pY4+arzpyuWN2+nU8gHqto2Y+OO7VbELQ0=
github.com/Delta456/box-cli-maker/v2 v2.2.2/go.mod h1:idItIMZeyx3bg73XwSgsLeZd+gdpD2IvGbR3FC8a9TU=
github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2 h1:rMamBsR6iCT9Y5m2Il6vFGJvY7FAgck4AoA/LobheKU=
github.com/GoogleCloudPlatform/docker-credential-gcr v0.0.0-20210713212222-faed5e8b8ca2/go.mod h1:BB1eHdMLYEFuFdBlRMb0N7YGVdM5s6Pt0njxgvfbGGs=
github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20200415212048-7901bc822317/go.mod h1:DF8FZRxMHMGv/vP2lQP6h+dYzzjpuRn24VeRiYn3qjQ=
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0 h1:ljU7eS7Fe0eGWEJxhoIjGANPEhx2f5PKTbDjvT61Kwk=
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v0.16.0/go.mod h1:TLDTgf8D4fD8Y1DizdJKtfIjkHJZU1J+mieFB1qS5T8=
@ -84,8 +86,9 @@ github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB
github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.4.17-0.20210324224401-5516f17a5958/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O6j3w=
github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/go-winio v0.5.0 h1:Elr9Wn+sGKPlkaBvwu4mTrxtmOp3F3yV9qhaHbXGjwU=
github.com/Microsoft/go-winio v0.5.0/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84=
github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
@ -107,14 +110,12 @@ github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
github.com/VividCortex/godaemon v1.0.0 h1:aHYrScWvgaSOdAoYCdObWXLm+e1rldP9Pwb1ZvuZkQw=
github.com/VividCortex/godaemon v1.0.0/go.mod h1:hBWe/72KbGt/lb95E+Sh9ersdYbB57Dt6CG66S1YPno=
github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1 h1:AI8EIk8occ3pruhaTpkaQxQGlC1dHx3J9hAtg7t+FLI=
github.com/afbjorklund/go-containerregistry v0.4.1-0.20210321165649-761f6f9626b1/go.mod h1:Ct15B4yir3PLOP5jsy0GNeYVaIZs/MK/Jz5any1wFW0=
github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af h1:wVe6/Ea46ZMeNkQjjBW6xcqyQA/j5e0D6GytH95g0gQ=
github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
@ -199,8 +200,8 @@ github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX
github.com/cilium/ebpf v0.4.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/cilium/ebpf v0.5.0/go.mod h1:4tRaxcgiL706VnOzHOdBlY8IEAIdxINsQBcU4xJJXRs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudevents/sdk-go/v2 v2.3.1 h1:QRTu0yRA4FbznjRSds0/4Hy6cVYpWV2wInlNJSHWAtw=
github.com/cloudevents/sdk-go/v2 v2.3.1/go.mod h1:4fO2UjPMYYR1/7KPJQCwTPb0lFA8zYuitkUpAZFSY1Q=
github.com/cloudevents/sdk-go/v2 v2.5.0 h1:Ts6aLHbBUJfcNcZ4ouAfJ4+Np7SE1Yf2w4ADKRCd7Fo=
github.com/cloudevents/sdk-go/v2 v2.5.0/go.mod h1:nlXhgFkf0uTopxmRXalyMwS2LG70cRGPrxzmjJgSG0U=
github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 h1:Yg2hDs4b13Evkpj42FU2idX2cVXVFqQSheXYKM86Qsk=
github.com/cloudfoundry-attic/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21/go.mod h1:MgJyK38wkzZbiZSKeIeFankxxSA8gayko/nr5x5bgBA=
github.com/cloudfoundry/jibber_jabber v0.0.0-20151120183258-bcc4c8345a21 h1:tuijfIjZyjZaHq9xDUh0tNitwXshJpbLkqMOJv4H3do=
@ -245,8 +246,9 @@ github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7
github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU=
github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09ZvgqEq8EfBp/m3lcVZIvPHhI=
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
github.com/containerd/containerd v1.5.1 h1:xWHPAoe6VkUiI9GAvndJM7s/0MTrmwX3AQiYTr3olf0=
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.2 h1:MG/Bg1pbmMb61j3wHCFWPxESXHieiKr2xG64px/k8zQ=
github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@ -275,8 +277,8 @@ github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJ
github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c=
github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY=
github.com/containerd/stargz-snapshotter/estargz v0.4.1 h1:5e7heayhB7CcgdTkqfZqrNaNv15gABwr3Q2jBTbLlt4=
github.com/containerd/stargz-snapshotter/estargz v0.4.1/go.mod h1:x7Q9dg9QYb4+ELgxmo4gBUeJB0tl5dqH1Sdz0nJU1QM=
github.com/containerd/stargz-snapshotter/estargz v0.7.0 h1:1d/rydzTywc76lnjJb6qbPCiTiCwts49AzKps/Ecblw=
github.com/containerd/stargz-snapshotter/estargz v0.7.0/go.mod h1:83VWDqHnurTKliEB0YvWMiCfLDwv4Cjj1X9Vk98GJZw=
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
@ -339,14 +341,12 @@ github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v0.0.0-20200303162255-7d407207c304 h1:A7SYzidcyuQ/yS4wezWGYeUioUFJQk8HYWY9aMYTF4I=
github.com/docker/cli v0.0.0-20200303162255-7d407207c304/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/cli v20.10.7+incompatible h1:pv/3NqibQKphWZiAskMzdz8w0PRbtTaEB+f6NwdU7Is=
github.com/docker/cli v20.10.7+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY=
github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v17.12.0-ce-rc1.0.20181225093023-5ddb1d410a8b+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v17.12.0-ce-rc1.0.20190115220918-5ec31380a5d3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v20.10.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
@ -430,8 +430,8 @@ github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
github.com/go-ole/go-ole v1.2.5 h1:t4MGB5xEDZvXI+0rMjjsfBsD7yAgp/s9ZDkL1JndXwY=
github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
@ -528,6 +528,7 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS
github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM=
github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA=
github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk=
github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@ -546,6 +547,8 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-containerregistry v0.6.0 h1:niQ+8XD//kKgArIFwDVBXsWVWbde16LPdHMyNwSC8h4=
github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw=
github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
github.com/google/go-github/v36 v36.0.0 h1:ndCzM616/oijwufI7nBRa+5eZHLldT+4yIB68ib5ogs=
@ -573,7 +576,7 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/pprof v0.0.0-20210715191844-86eeefc3e471/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
github.com/google/slowjam v1.0.0 h1:dA9flW4oGTJcSy8FpEvdq8JKwPFVgqYwMmjhqlb2L+s=
@ -591,7 +594,6 @@ github.com/googleapis/gnostic v0.4.1 h1:DLJCy1n/vrD4HPjOvYcT8aYQXpPIzoRZONaYwyyc
github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg=
github.com/googleinterns/cloud-operations-api-mock v0.0.0-20200709193332-a1e58c29bdd3 h1:eHv/jVY/JNop1xg2J9cBb4EzyMpWZoNCP1BslSAIkOI=
github.com/googleinterns/cloud-operations-api-mock v0.0.0-20200709193332-a1e58c29bdd3/go.mod h1:h/KNeRx7oYU4SpA4SoY7W2/NxDKEEVuwA6j9A27L4OI=
github.com/gookit/color v1.3.6/go.mod h1:R3ogXq2B9rTbXoSHJ1HyUVAZ3poOJHpd9nQmyGZsfvQ=
github.com/gookit/color v1.4.2 h1:tXy44JFSFkKnELV6WaMo/lLfu/meqITX3iAV52do7lk=
github.com/gookit/color v1.4.2/go.mod h1:fqRyamkC1W8uxl+lxCQxOT09l/vYfZ+QeiX3rKQHCoQ=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
@ -619,8 +621,8 @@ github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
github.com/hashicorp/go-getter v1.5.5 h1:kAiuyk4LvTCqXfDkxNcCS/s0j/jye9USXT+iHH3EX68=
github.com/hashicorp/go-getter v1.5.5/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
github.com/hashicorp/go-getter v1.5.7 h1:HBLsom8eGHLxj78ta+/MVSyct8KWG4B4z6lhBA4vJcg=
github.com/hashicorp/go-getter v1.5.7/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
@ -682,7 +684,6 @@ github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9Y
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52CupLJyoVwB10FQ/IQlF1pdL8=
github.com/johanneswuerbach/nfsexports v0.0.0-20200318065542-c48c3734757f h1:tL0xH80QVHQOde6Qqdohv6PewABH8l8N9pywZtuojJ0=
github.com/johanneswuerbach/nfsexports v0.0.0-20200318065542-c48c3734757f/go.mod h1:+c1/kUpg2zlkoWqTOvzDs36Wpbm3Gd1nlmtXAEB0WGU=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
@ -727,8 +728,10 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.11.13 h1:eSvu8Tmq6j2psUJqJrLcWH6K3w5Dwc+qipbaA6eVEN4=
github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs=
github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
github.com/klauspost/cpuid v1.2.0 h1:NMpwD2G9JSFOE1/TJjGSo5zG7Yb2bTe7eq1jH+irmeE=
github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@ -751,8 +754,6 @@ github.com/libopenstorage/openstorage v1.0.0/go.mod h1:Sp1sIObHjat1BeXhfMqLZ14wn
github.com/libvirt/libvirt-go v3.9.0+incompatible h1:tcJOV5bCR8lWsifKnPCEnYSroD5rjuUkCBp/kv1kH/w=
github.com/libvirt/libvirt-go v3.9.0+incompatible/go.mod h1:34zsnB4iGeOv7Byj6qotuW8Ya4v4Tr43ttjz/F0wjLE=
github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac h1:+2b6iGRJe3hvV/yVXrd41yVEjxuFHxasJqDhkIjS4gk=
github.com/lightstep/tracecontext.go v0.0.0-20181129014701-1757c391b1ac/go.mod h1:Frd2bnT3w5FB5q49ENTfVlztJES+1k/7lyWX2+9gq/M=
github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc=
github.com/lpabon/godbc v0.1.1/go.mod h1:Jo9QV0cf3U6jZABgiJ2skINAXb9j8m51r07g4KI92ZA=
github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f/go.mod h1:JpH9J1c9oX6otFSgdUHwUBUizmKlrMjxWnIAjff4m04=
@ -800,7 +801,6 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY=
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
github.com/mholt/certmagic v0.6.2-0.20190624175158-6a42ef9fe8c2/go.mod h1:g4cOPxcjV0oFq3qwpjSA30LReKD8AoIfwAY9VvG35NY=
github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
@ -874,7 +874,6 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
@ -998,22 +997,21 @@ github.com/russross/blackfriday v0.0.0-20170610170232-067529f716f4/go.mod h1:JO/
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6 h1:tlXG832s5pa9x9Gs3Rp2rTvEqjiDEuETUOSfBEiTcns=
github.com/russross/blackfriday v1.5.3-0.20200218234912-41c5fccfd6f6/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/sayboras/dockerclient v1.0.0 h1:awHcxOzTP07Gl1SJAhkTCTagyJwgA6f/Az/Z4xMP2yg=
github.com/sayboras/dockerclient v1.0.0/go.mod h1:mUmEoqt0b+uQg57s006FsvL4mybi+N5wINLDBGtaPTY=
github.com/sclevine/spec v1.2.0/go.mod h1:W4J29eT/Kzv7/b9IWLB055Z+qvVC9vt0Arko24q7p+U=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo=
github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
github.com/shirou/gopsutil/v3 v3.21.6 h1:vU7jrp1Ic/2sHB7w6UNs7MIkn7ebVtTb5D9j45o9VYE=
github.com/shirou/gopsutil/v3 v3.21.6/go.mod h1:JfVbDpIBLVzT8oKbvMg9P3wEIMDDpVn+LwHTKj0ST88=
github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
github.com/shirou/gopsutil/v3 v3.21.7 h1:PnTqQamUjwEDSgn+nBGu0qSDV/CfvyiR/gwTH3i7HTU=
github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4=
github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
@ -1022,8 +1020,9 @@ github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM=
github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@ -1080,10 +1079,10 @@ github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cb
github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I=
github.com/thecodeteam/goscaleio v0.1.0/go.mod h1:68sdkZAsK8bvEwBlbQnlLS+xU+hvLYM/iQ8KXej1AwM=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
github.com/tklauser/go-sysconf v0.3.6 h1:oc1sJWvKkmvIxhDHeKWvZS4f6AW+YcoguSfRF2/Hmo4=
github.com/tklauser/go-sysconf v0.3.6/go.mod h1:MkWzOF4RMCshBAMXuhXJs64Rte09mITnppBXY/rYEFI=
github.com/tklauser/numcpus v0.2.2 h1:oyhllyrScuYI6g+h/zUvNXNp1wy7x8qQy3t/piefldA=
github.com/tklauser/numcpus v0.2.2/go.mod h1:x3qojaO3uyYt0i56EW/VUYs7uBvdl2fkfZFu0T9wgjM=
github.com/tklauser/go-sysconf v0.3.7 h1:HT7h4+536gjqeq1ZIJPgOl1rg1XFatQGVZWp7Py53eg=
github.com/tklauser/go-sysconf v0.3.7/go.mod h1:JZIdXh4RmBvZDBZ41ld2bGxRV3n4daiiqA3skYhAoQ4=
github.com/tklauser/numcpus v0.2.3 h1:nQ0QYpiritP6ViFhrKYsiv6VVxOpum2Gks5GhnJbS/8=
github.com/tklauser/numcpus v0.2.3/go.mod h1:vpEPS/JC+oZGGQ/My/vJnNsvMDQL6PwOqt8dsCw5j+E=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc=
@ -1115,7 +1114,6 @@ github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f h1:mvXjJIHRZy
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg=
github.com/xo/terminfo v0.0.0-20200218205459-454e5b68f9e8/go.mod h1:6Yhx5ZJl5942QrNRWLwITArVT9okUXc5c3brgWJMoDc=
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 h1:QldyIu/L63oPpyvQmHgvgickp1Yw510KJOqX7H24mg8=
github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778/go.mod h1:2MuV+tbUrU1zIOPMxZ5EncGwgmMJsa+9ucAQZXxsObs=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
@ -1253,8 +1251,9 @@ golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.5.0 h1:UG21uOlmZabA4fW5i7ZX6bjw1xELEGg/ZLgZq9auk/Q=
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -1311,8 +1310,9 @@ golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420 h1:a8jGStKg0XqKDlKqjLrXn0ioF5MH36pT7Z0BRTqLhbk=
golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5 h1:wjuX4b5yYQnEQHzd+CBcrcC6OVR2J1CN6mUy0oSxIPo=
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -1371,7 +1371,6 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -1422,7 +1421,6 @@ golang.org/x/sys v0.0.0-20201117170446-d9b008d0a637/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201223074533-0d417f636930/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -1430,7 +1428,6 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -1442,8 +1439,9 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf h1:2ucpDCmfkl8Bd/FsLtiD653Wf96cW37s+iGx93zsu4k=
golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@ -1456,13 +1454,13 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE=
golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@ -1487,7 +1485,6 @@ golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgw
golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20190706070813-72ffa07ba3db/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@ -1525,7 +1522,6 @@ golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
@ -1582,8 +1578,8 @@ google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFo
google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo=
google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4=
google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw=
google.golang.org/api v0.51.0 h1:SQaA2Cx57B+iPw2MBgyjEkoeMkRK2IenSGoia0U3lCk=
google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU=
google.golang.org/api v0.52.0 h1:m5FLEd6dp5CU1F0tMWyqDi2XjchviIz8ntzOSz7w8As=
google.golang.org/api v0.52.0/go.mod h1:Him/adpjt0sxtkWViy0b6xyKW/SD71CwdJ7HqJo7SrU=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@ -1621,7 +1617,6 @@ google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200605102947-12044bf5ea91/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@ -1647,9 +1642,9 @@ google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxH
google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24=
google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea h1:8ZyCcgugUqamxp/vZSEJw9CMy7VZlSWYJLLJPi/dSDA=
google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k=
google.golang.org/genproto v0.0.0-20210721163202-f1cecdd8b78a/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f h1:YORWxaStkWBnWgELOHTmDrqNlFXuVGEbhwbB5iK94bQ=
google.golang.org/genproto v0.0.0-20210722135532-667f2b7c528f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48=
google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
@ -1737,7 +1732,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
@ -1773,7 +1767,6 @@ k8s.io/controller-manager v0.21.2/go.mod h1:tkiSDYJj4H/QRxGNefy5ibFAmhEvqmEh9yLz
k8s.io/cri-api v0.21.2/go.mod h1:ukzeKnOkrG9/+ghKZA57WeZbQfRtqlGLF5GcF3RtHZ8=
k8s.io/csi-translation-lib v0.21.2/go.mod h1:LgswOMSIdOntgqxcHsspcG61R34t954N//9jiSD/TTM=
k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/heapster v1.2.0-beta.1/go.mod h1:h1uhptVXMwC8xtZBYsPXKVi8fpdlYkTs6k949KozGrM=
k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=

4
hack/benchmark/cpu_usage/auto_pause/chart.go
View File

@ -72,7 +72,7 @@ func execute() error {
// Open non-autopause csv file of benchmark summary
napResults := []float64{}
var napFn string = "./out/benchmark-results/" + sessionID + "/cstat.nonautopause.summary"
napFn := "./out/benchmark-results/" + sessionID + "/cstat.nonautopause.summary"
napFile, err := os.Open(napFn)
if err != nil {
return errors.Wrap(err, "Missing summary csv")
@ -97,7 +97,7 @@ func execute() error {
// Open auto-pause csv file of benchmark summary
apResults := []float64{}
var apFn string = "./out/benchmark-results/" + sessionID + "/cstat.autopause.summary"
apFn := "./out/benchmark-results/" + sessionID + "/cstat.autopause.summary"
apFile, err := os.Open(apFn)
if err != nil {
return errors.Wrap(err, "Missing summary csv")

2
hack/benchmark/cpu_usage/idle_only/chart.go
View File

@ -71,7 +71,7 @@ func execute() error {
// Open csv file of benchmark summary
results := []float64{}
var fn string = "./out/benchmark-results/" + sessionID + "/cstat.summary"
fn := "./out/benchmark-results/" + sessionID + "/cstat.summary"
file, err := os.Open(fn)
if err != nil {
return errors.Wrap(err, "Missing summary csv")

6
hack/benchmark/time-to-k8s/chart.go
View File

@ -220,11 +220,7 @@ func createChart(chartPath string, values []plotter.Values, totals []float64, na
p.Add(l)
if err := p.Save(12*vg.Inch, 8*vg.Inch, chartPath); err != nil {
return err
}
return nil
return p.Save(12*vg.Inch, 8*vg.Inch, chartPath)
}
func createBars(values plotter.Values, index int) (*plotter.BarChart, error) {

5
hack/jenkins/build_iso.sh
View File

@ -46,10 +46,7 @@ ec=$?
if [ $ec -gt 0 ]; then
if [ "$release" = false ]; then
gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new ISO failed.
See the logs at:
```
https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/iso-${BUILD_NUMBER}/iso_build.txt
```
See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/${ghprbActualCommit::7}/iso_build.txt
"
fi
exit $ec

2
hack/jenkins/cloud_shell_functional_tests_docker.sh
View File

@ -30,7 +30,7 @@ gcloud cloud-shell ssh --authorize-session << EOF
DRIVER="docker"
JOB_NAME="Docker_Cloud_Shell"
CONTAINER_RUNTIME="docker"
EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons)"
EXTRA_TEST_ARGS="-test.run (TestFunctional|TestAddons|TestStartStop)"
# Need to set these in cloud-shell or will not be present in common.sh
MINIKUBE_LOCATION=$MINIKUBE_LOCATION

2
hack/jenkins/common.sh
View File

@ -91,7 +91,7 @@ else
fi
# installing golang so we could do go get for gopogh
./installers/check_install_golang.sh "1.16.6" "/usr/local" || true
./installers/check_install_golang.sh "1.16.7" "/usr/local" || true
# install docker and kubectl if not present
sudo ARCH="$ARCH" ./installers/check_install_docker.sh || true

7
hack/jenkins/kicbase_auto_build.sh
View File

@ -68,10 +68,7 @@ ec=$?
if [ $ec -gt 0 ]; then
if [ "$release" = false ]; then
gh pr comment ${ghprbPullId} --body "Hi ${ghprbPullAuthorLoginMention}, building a new kicbase image failed.
See the logs at:
```
https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/kicbase-${BUILD_NUMBER}/kic_image_build.txt
```
See the logs at: https://storage.cloud.google.com/minikube-builds/logs/${ghprbPullId}/${ghprbActualCommit::7}/kic_image_build.txt
"
fi
exit $ec
@ -101,7 +98,7 @@ if [ "$release" = false ]; then
if [ $? -gt 0 ]; then
message="Hi ${ghprbPullAuthorLoginMention}, we failed to push the reference to the kicbase to your PR. Please run the following command and push manually.
sed -i 's|Version = .*|Version = \"${KIC_VERSION}\"|;s|baseImageSHA = .*|baseImageSHA = \"${sha}\"|;s|gcrRepo = .*|gcrRepo = \"${GCR_REPO}\"|;s|dockerhubRepo = .*|dockerhubRepo = \"${DH_REPO}\"|' pkg/drivers/kic/types.go; make generate-docs;
sed -i 's|Version = .*|Version = \"${KIC_VERSION}\"|;s|baseImageSHA = .*|baseImageSHA = \"${sha}\"|;s|gcrRepo = .*|gcrRepo = \"${GCR_REPO}\"|;s|dockerhubRepo = .*|dockerhubRepo = \"${DH_REPO}\"|' pkg/drivers/kic/types.go
"
fi

47
hack/jenkins/test-flake-chart/compute_flake_rate.go
View File

@ -23,7 +23,6 @@ import (
"io"
"os"
"runtime/debug"
"sort"
"strconv"
"strings"
"time"
@ -31,7 +30,7 @@ import (
var (
dataCsv = flag.String("data-csv", "", "Source data to compute flake rates on")
dateRange = flag.Uint("date-range", 5, "Number of test dates to consider when computing flake rate")
dateRange = flag.Uint("date-range", 5, "Number of days prior to today to compute flake rate for")
)
func main() {
@ -42,9 +41,11 @@ func main() {
exit("Unable to read data CSV", err)
}
dateCutoff := time.Now().AddDate(0, 0, -int(*dateRange))
testEntries := readData(file)
splitEntries := splitData(testEntries)
filteredEntries := filterRecentEntries(splitEntries, *dateRange)
filteredEntries := filterRecentEntries(splitEntries, dateCutoff)
flakeRates := computeFlakeRates(filteredEntries)
averageDurations := computeAverageDurations(filteredEntries)
fmt.Println("Environment,Test,Flake Rate,Duration")
@ -162,51 +163,19 @@ func appendEntry(splitEntries splitEntryMap, environment, test string, entry tes
environmentSplit[test] = append(testSplit, entry)
}
// Filters `splitEntries` to include only the most recent `date_range` dates.
func filterRecentEntries(splitEntries splitEntryMap, dateRange uint) splitEntryMap {
// Filters `splitEntries` to include only entries after `dateCutoff`.
func filterRecentEntries(splitEntries splitEntryMap, dateCutoff time.Time) splitEntryMap {
filteredEntries := make(splitEntryMap)
for environment, environmentSplit := range splitEntries {
for test, testSplit := range environmentSplit {
dates := make([]time.Time, len(testSplit))
for _, entry := range testSplit {
dates = append(dates, entry.date)
}
// Sort dates from future to past.
sort.Slice(dates, func(i, j int) bool {
return dates[j].Before(dates[i])
})
datesInRange := make([]time.Time, 0, dateRange)
var lastDate time.Time
// Go through each date.
for _, date := range dates {
// If date is the same as last date, ignore it.
if date.Equal(lastDate) {
continue
}
// Add the date.
datesInRange = append(datesInRange, date)
lastDate = date
// If the date_range has been hit, break out.
if uint(len(datesInRange)) == dateRange {
break
}
}
for _, entry := range testSplit {
// Look for the first element <= entry.date
index := sort.Search(len(datesInRange), func(i int) bool {
return !datesInRange[i].After(entry.date)
})
// If no date is <= entry.date, or the found date does not equal entry.date.
if index == len(datesInRange) || !datesInRange[index].Equal(entry.date) {
continue
}
if !entry.date.Before(dateCutoff) {
appendEntry(filteredEntries, environment, test, entry)
}
}
}
}
return filteredEntries
}

177
hack/jenkins/test-flake-chart/compute_flake_rate.sh Normal file
View File

@ -0,0 +1,177 @@
#!/bin/bash
# Copyright 2021 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -eux -o pipefail
# Get directory of script.
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
# Update html+js of flake charts.
gsutil cp "${DIR}/flake_chart.html" gs://minikube-flake-rate/flake_chart.html
gsutil cp "${DIR}/flake_chart.js" gs://minikube-flake-rate/flake_chart.js
DATA_CSV=$(mktemp)
FLAKE_RATES_CSV=$(mktemp)
# Get raw test data.
gsutil cp gs://minikube-flake-rate/data.csv "${DATA_CSV}"
# Compute flake rates.
go run "${DIR}/compute_flake_rate.go" --data-csv="${DATA_CSV}" --date-range=15 > "${FLAKE_RATES_CSV}"
# Upload flake rates.
gsutil cp "${FLAKE_RATES_CSV}" gs://minikube-flake-rate/flake_rates.csv
# Threshold to open issues at (either creation or re-opening)
OPEN_ISSUE_THRESHOLD=80
# Threshold to close existing issues at
CLOSE_ISSUE_THRESHOLD=20
"${DIR}/../installers/check_install_gh.sh" || true
# Get a list of issues from Github and extract only those that look like flake issues.
# Sort by test name for later usage.
EXISTING_ISSUES_LIST=$(mktemp)
gh issue list -L 10000 -s all -A "minikube-bot" -l kind/failing-test \
| awk '-F\t' 'BEGIN { OFS="," } {
where = match($3, /^Frequent test failures of `([a-zA-Z0-9.\/_-]*)`$/, captures)
if (where != 0) {
print $1, $2, captures[1]
}
}' \
| sort -t , -k 3,3 \
> "${EXISTING_ISSUES_LIST}"
# Get a list of only the tests for each issue.
EXISTING_ISSUES_TESTS_ONLY=$(mktemp)
awk -F, '{ print $3 }' "${EXISTING_ISSUES_LIST}" \
> "${EXISTING_ISSUES_TESTS_ONLY}"
# Get a list of all tests present in the flake rate CSV.
FLAKES_TESTS_ONLY=$(mktemp)
awk -F, 'NR>1 {
print $2
}' "${FLAKE_RATES_CSV}" \
| sort \
| uniq \
> "${FLAKES_TESTS_ONLY}"
# 1) Get only entries above the close threshold
# 2) Sort by the test name
# 3) Ensure the list is unique
# 4) Store in $MID_FLAKES_DATA
MID_FLAKES_DATA=$(mktemp)
awk -F, 'BEGIN { OFS="," } NR>1 {
if ($3 >= '${CLOSE_ISSUE_THRESHOLD}') {
print $1, $2, $3
}
}' "${FLAKE_RATES_CSV}" \
| sort -t , -k 2,2\
| uniq \
> "${MID_FLAKES_DATA}"
# 1) Get only the test names from the $MID_FLAKES_DATA
# 2) Ensure the list is unique
# 3) Get only tests not present in the $MID_FLAKES_DATA
CLOSE_ISSUES_LIST=$(mktemp)
awk -F, '{ print $2 }' "${MID_FLAKES_DATA}" \
| uniq \
| comm -13 - "${FLAKES_TESTS_ONLY}" \
> "${CLOSE_ISSUES_LIST}"
# Get test names of issues that are not present in the flake rate CSV and append
# to the close-issues list.
awk -F, 'NR>1 { print $2 }' "${FLAKE_RATES_CSV}" \
| sort \
| uniq \
| comm -13 - "${EXISTING_ISSUES_TESTS_ONLY}" \
>> "${CLOSE_ISSUES_LIST}"
# 1) Sort the close-issues list
# 2) Ensure the list is unique
# 3) Filter the existing issues to only include issues we intend to close
# 4) Extract only the issue number
# 5) Close the issue
sort "${CLOSE_ISSUES_LIST}" \
| uniq \
| join -t , -1 1 -2 3 - "${EXISTING_ISSUES_LIST}" \
| awk -F, '{ if ($3 == "OPEN") { print $2 } }' \
| xargs -I % gh issue close %
# Filter the $MID_FLAKES_DATA for tests that surpass the $OPEN_ISSUE_THRESHOLD.
# Also, only return the test name
OPEN_ISSUES_LIST=$(mktemp)
awk -F, '{
if ($3 >= '${OPEN_ISSUE_THRESHOLD}') {
print $2
}
}' "${MID_FLAKES_DATA}" \
| uniq \
> "${OPEN_ISSUES_LIST}"
# 1) Get existing issues that we want to be open
# 2) Filter for only closed issues, and get just the issue number
# 3) Reopen the issue
join -t , -1 1 -2 3 "${OPEN_ISSUES_LIST}" "${EXISTING_ISSUES_LIST}" \
| awk -F, '{
if ($3 == "CLOSED") {
print $2
}
}' \
| xargs -I % gh issue reopen %
# 1) Get only tests without an existing issue
# 2) For each test, create an issue for it and format into a row for $EXISTING_ISSUES_LIST
# 3) Append to $EXISTING_ISSUES_LIST
comm -13 "${EXISTING_ISSUES_TESTS_ONLY}" "${OPEN_ISSUES_LIST}" \
| xargs -I % sh -c \
'gh issue create -b "Will be filled in with details" -l kind/failing-test -l priority/backlog -t "Frequent test failures of \`%\`" \
| sed -n -r "s~^https://github.com/kubernetes/minikube/issues/([0-9]*)$~\1,OPEN,%~p"' \
>> "${EXISTING_ISSUES_LIST}"
# Re-sort $EXISTING_ISSUES_LIST to account for any newly created issues.
sort -t , -k 3,3 "${EXISTING_ISSUES_LIST}" -o "${EXISTING_ISSUES_LIST}"
# Join the existing issues with those that we wish to report.
# Only take the test name and issue number.
MID_FLAKES_ISSUES=$(mktemp)
join -t , -1 2 -2 3 "${MID_FLAKES_DATA}" "${EXISTING_ISSUES_LIST}" \
| awk -F, 'BEGIN { OFS="," } { print $1, $4 }' \
| uniq \
> "${MID_FLAKES_ISSUES}"
# Go through each high-flake issue.
ISSUE_BODY_TMP=$(mktemp)
for ROW in $(cat ${MID_FLAKES_ISSUES}); do
# Parse the row into its test name and issue number.
IFS=','; ROW_ENTRIES=($ROW); unset IFS
TEST_NAME=${ROW_ENTRIES[0]}
ISSUE_NUMBER=${ROW_ENTRIES[1]}
# Clear $ISSUE_BODY_TMP and fill with the standard header.
printf "This test has high flake rates for the following environments:\n\n|Environment|Flake Rate (%%)|\n|---|---|\n" > "${ISSUE_BODY_TMP}"
TEST_CHART_LINK_FORMAT='https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=%1$s&test='${TEST_NAME}
# 1) Filter $MID_FLAKES_DATA to only include entries with the given test name
# 2) Sort by flake rates in descending order
# 3) Format the entry into a row in the table
# 4) Append all entries to $ISSUE_BODY_TMP
echo "${TEST_NAME}" \
| join -t , -1 1 -2 2 - "${MID_FLAKES_DATA}" \
| sort -t , -g -r -k 3,3 \
| awk -F, '{ printf "|[%1$s]('$TEST_CHART_LINK_FORMAT')|%2$s|\n", $2, $3 }' \
>> "${ISSUE_BODY_TMP}"
# Edit the issue body to use $ISSUE_BODY_TMP
gh issue edit "${ISSUE_NUMBER}" --body "$(cat "$ISSUE_BODY_TMP")"
done

34
hack/jenkins/test-flake-chart/compute_flake_rate_test.go
View File

@ -51,12 +51,12 @@ func compareEntrySlices(t *testing.T, actualData, expectedData []testEntry, extr
func TestReadData(t *testing.T) {
actualData := readData(strings.NewReader(
`A,B,C,D,E,F
hash,2000-01-01,env1,test1,Passed,1
hash,2001-01-01,env2,test2,Failed,0.5
hash,,,test1,,0.6
hash,2002-01-01,,,Passed,0.9
hash,2003-01-01,env3,test3,Passed,2`,
`A,B,C,D,E,F,G,H,I
hash,2000-01-01,env1,test1,Passed,1,1,1,1
hash,2001-01-01,env2,test2,Failed,0.5,,,
hash,,,test1,,0.6,,,
hash,2002-01-01,,,Passed,0.9,,,
hash,2003-01-01,env3,test3,Passed,2,,,`,
))
expectedData := []testEntry{
{
@ -179,7 +179,7 @@ func TestSplitData(t *testing.T) {
}
func TestFilterRecentEntries(t *testing.T) {
entryE1T1R1, entryE1T1R2, entryE1T1R3, entryE1T1O1, entryE1T1O2 := testEntry{
entryE1T1O1, entryE1T1O2, entryE1T1O3, entryE1T1O4, entryE1T1O5 := testEntry{
name: "test1",
environment: "env1",
date: simpleDate(2000, 4),
@ -221,7 +221,7 @@ func TestFilterRecentEntries(t *testing.T) {
date: simpleDate(2001, 1),
status: "Passed",
}
entryE2T2R1, entryE2T2R2, entryE2T2O1 := testEntry{
entryE2T2R1, entryE2T2R2, entryE2T2R3 := testEntry{
name: "test2",
environment: "env2",
date: simpleDate(2003, 3),
@ -241,34 +241,29 @@ func TestFilterRecentEntries(t *testing.T) {
actualData := filterRecentEntries(splitEntryMap{
"env1": {
"test1": {
entryE1T1R1,
entryE1T1R2,
entryE1T1R3,
entryE1T1O1,
entryE1T1O2,
entryE1T1O3,
entryE1T1O4,
entryE1T1O5,
},
"test2": {
entryE1T2O1,
entryE1T2R1,
entryE1T2R2,
entryE1T2O1,
},
},
"env2": {
"test2": {
entryE2T2R1,
entryE2T2R2,
entryE2T2O1,
entryE2T2R3,
},
},
}, 2)
}, simpleDate(2001, 2))
expectedData := splitEntryMap{
"env1": {
"test1": {
entryE1T1R1,
entryE1T1R2,
entryE1T1R3,
},
"test2": {
entryE1T2R1,
entryE1T2R2,
@ -278,6 +273,7 @@ func TestFilterRecentEntries(t *testing.T) {
"test2": {
entryE2T2R1,
entryE2T2R2,
entryE2T2R3,
},
},
}

13
hack/jenkins/test-flake-chart/flake_chart.html
View File

@ -1,5 +1,9 @@
<html>
<head>
<meta http-equiv="CacheControl" content="no-cache, no-store, must-revalidate"/>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>
<script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script>
<script src='https://cdnjs.cloudflare.com/ajax/libs/tablesort/5.2.1/tablesort.min.js'></script>
<!-- Include sort types you need -->
@ -20,6 +24,13 @@
</head>
<body>
<div id="chart_div"></div>
<div id="data_date_container" style="text-align: right; display: none">
Data collected on <span id="data_date"></span>
</div>
</body>
<script src="flake_chart.js"></script>
<script>
const el = document.createElement('script');
el.setAttribute('src', `flake_chart.js?t=${Math.random()}`);
document.head.appendChild(el);
</script>
</html>

116
hack/jenkins/test-flake-chart/flake_chart.js
View File

@ -14,14 +14,13 @@ function displayError(message) {
document.body.appendChild(element);
}
// Creates a generator that reads the response body one line at a time.
async function* bodyByLinesIterator(response, updateProgress) {
// Reads `response` into an array of lines while calling `updateProgress` in between.
async function getBodyLinesWithProgress(response, updateProgress) {
const utf8Decoder = new TextDecoder('utf-8');
const reader = response.body.getReader();
const re = /\n|\r|\r\n/gm;
const lines = [];
let pendingText = "";
let readerDone = false;
while (!readerDone) {
// Read a chunk.
@ -34,27 +33,22 @@ async function* bodyByLinesIterator(response, updateProgress) {
updateProgress(chunk.length);
const decodedChunk = utf8Decoder.decode(chunk);
let startIndex = 0;
let result;
// Keep processing until there are no more new lines.
while ((result = re.exec(decodedChunk)) !== null) {
const text = decodedChunk.substring(startIndex, result.index);
startIndex = re.lastIndex;
const line = pendingText + text;
const sublines = decodedChunk.split('\n');
for (let i = 0; i < sublines.length - 1; i++) {
const fullLine = pendingText + sublines[i];
pendingText = "";
if (line !== "") {
yield line;
if (fullLine !== "") {
lines.push(fullLine);
}
}
// Any text after the last new line is appended to any pending text.
pendingText += decodedChunk.substring(startIndex);
pendingText = sublines[sublines.length - 1];
}
// If there is any text remaining, return it.
// If there is any text remaining, append it.
if (pendingText !== "") {
yield pendingText;
lines.push(pendingText);
}
return lines;
}
// Determines whether `str` matches at least one value in `enumObject`.
@ -75,12 +69,18 @@ const testStatus = {
}
async function loadTestData() {
const response = await fetch("data.csv");
const response = await fetch("data.csv", {
headers: {
"Cache-Control": "max-age=3600,must-revalidate",
}
});
if (!response.ok) {
const responseText = await response.text();
throw `Failed to fetch data from GCS bucket. Error: ${responseText}`;
}
const responseDate = new Date(response.headers.get("date").toString());
const box = document.createElement("div");
box.style.width = "100%";
const innerBox = document.createElement("div");
@ -98,20 +98,32 @@ async function loadTestData() {
document.body.appendChild(box);
let readBytes = 0;
const lines = bodyByLinesIterator(response, value => {
const lines = await getBodyLinesWithProgress(response, value => {
readBytes += value;
progressBar.setAttribute("value", readBytes);
});
// Consume the header to ensure the data has the right number of fields.
const header = (await lines.next()).value;
const header = lines[0];
if (header.split(",").length != 9) {
document.body.removeChild(box);
throw `Fetched CSV data contains wrong number of fields. Expected: 9. Actual Header: "${header}"`;
}
progressBarPrompt.textContent = "Parsing data...";
progressBar.setAttribute("max", lines.length);
const testData = [];
let lineData = ["", "", "", "", "", "", "", "", ""];
for await (const line of lines) {
for (let i = 1; i < lines.length; i++) {
if (i % 30000 === 0) {
await new Promise(resolve => {
setTimeout(() => {
progressBar.setAttribute("value", i);
resolve();
});
});
}
const line = lines[i];
let splitLine = line.split(",");
if (splitLine.length != 9) {
console.warn(`Found line with wrong number of fields. Actual: ${splitLine.length} Expected: 9. Line: "${line}"`);
@ -143,7 +155,15 @@ async function loadTestData() {
if (testData.length == 0) {
throw "Fetched CSV data is empty or poorly formatted.";
}
return testData;
return [testData, responseDate];
}
Array.prototype.min = function() {
return this.reduce((acc, val) => Math.min(acc, val), Number.MAX_VALUE)
}
Array.prototype.max = function() {
return this.reduce((acc, val) => Math.max(acc, val), -Number.MAX_VALUE)
}
Array.prototype.sum = function() {
@ -223,7 +243,7 @@ function aggregateWeeklyRuns(testRuns, weekDates) {
}));
}
const jobIdToLink = (jobId, environment) => `https://storage.googleapis.com/minikube-builds/logs/master/${jobId}/${environment}.html`;
const testGopoghLink = (jobId, environment, testName) => `https://storage.googleapis.com/minikube-builds/logs/master/${jobId}/${environment}.html${testName ? `#fail_${testName}` : ``}`;
function displayTestAndEnvironmentChart(testData, testName, environmentName) {
const testRuns = testData
@ -244,17 +264,17 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) {
groupData.date,
groupData.flakeRate,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${groupData.date.toString()}</b><br>
<b>Date:</b> ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Flake Percentage:</b> ${groupData.flakeRate.toFixed(2)}%<br>
<b>Jobs:</b><br>
${groupData.jobs.map(({ id, status }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${status})`).join("<br>")}
${groupData.jobs.map(({ id, status }) => ` - <a href="${testGopoghLink(id, environmentName, testName)}">${id}</a> (${status})`).join("<br>")}
</div>`,
groupData.duration,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${groupData.date.toString()}</b><br>
<b>Date:</b> ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Average Duration:</b> ${groupData.duration.toFixed(2)}s<br>
<b>Jobs:</b><br>
${groupData.jobs.map(({ id, duration }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${duration}s)`).join("<br>")}
${groupData.jobs.map(({ id, duration }) => ` - <a href="${testGopoghLink(id, environmentName, testName)}">${id}</a> (${duration}s)`).join("<br>")}
</div>`,
])
);
@ -285,8 +305,8 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) {
}
{
const dates = testRuns.map(run => run.date.getTime());
const startDate = new Date(Math.min(...dates));
const endDate = new Date(Math.max(...dates));
const startDate = new Date(dates.min());
const endDate = new Date(dates.max());
const weekDates = [];
let currentDate = startDate;
@ -320,17 +340,17 @@ function displayTestAndEnvironmentChart(testData, testName, environmentName) {
groupData.date,
groupData.flakeRate,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${groupData.date.toString()}</b><br>
<b>Date:</b> ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Flake Percentage:</b> ${groupData.flakeRate.toFixed(2)}%<br>
<b>Jobs:</b><br>
${groupData.jobs.map(({ id, status }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${status})`).join("<br>")}
${groupData.jobs.map(({ id, status }) => ` - <a href="${testGopoghLink(id, environmentName, testName)}">${id}</a> (${status})`).join("<br>")}
</div>`,
groupData.duration,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${groupData.date.toString()}</b><br>
<b>Date:</b> ${groupData.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Average Duration:</b> ${groupData.duration.toFixed(2)}s<br>
<b>Jobs:</b><br>
${groupData.jobs.map(({ id, duration }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${duration}s)`).join("<br>")}
${groupData.jobs.map(({ id, duration }) => ` - <a href="${testGopoghLink(id, environmentName, testName)}">${id}</a> (${duration}s)`).join("<br>")}
</div>`,
])
);
@ -462,10 +482,10 @@ function displayEnvironmentChart(testData, environmentName) {
data.flakeRate,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b style="display: block">${name}</b><br>
<b>${data.date.toString()}</b><br>
<b>Date:</b> ${data.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Flake Percentage:</b> ${data.flakeRate.toFixed(2)}%<br>
<b>Jobs:</b><br>
${data.jobs.map(({ id, status }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${status})`).join("<br>")}
${data.jobs.map(({ id, status }) => ` - <a href="${testGopoghLink(id, environmentName, name)}">${id}</a> (${status})`).join("<br>")}
</div>`
] : [null, null];
})).flat())
@ -490,8 +510,8 @@ function displayEnvironmentChart(testData, environmentName) {
}
{
const dates = testData.map(run => run.date.getTime());
const startDate = new Date(Math.min(...dates));
const endDate = new Date(Math.max(...dates));
const startDate = new Date(dates.min());
const endDate = new Date(dates.max());
const weekDates = [];
let currentDate = startDate;
@ -539,10 +559,10 @@ function displayEnvironmentChart(testData, environmentName) {
data.flakeRate,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b style="display: block">${name}</b><br>
<b>${data.date.toString()}</b><br>
<b>Date:</b> ${data.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Flake Percentage:</b> ${data.flakeRate.toFixed(2)}%<br>
<b>Jobs:</b><br>
${data.jobs.map(({ id, status }) => ` - <a href="${jobIdToLink(id, environmentName)}">${id}</a> (${status})`).join("<br>")}
${data.jobs.map(({ id, status }) => ` - <a href="${testGopoghLink(id, environmentName, name)}">${id}</a> (${status})`).join("<br>")}
</div>`
] : [null, null];
})).flat())
@ -599,17 +619,17 @@ function displayEnvironmentChart(testData, environmentName) {
dateInfo.date,
dateInfo.testCount,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${dateInfo.date.toString()}</b><br>
<b>Date:</b> ${dateInfo.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Test Count (averaged): </b> ${+dateInfo.testCount.toFixed(2)}<br>
<b>Jobs:</b><br>
${dateInfo.runInfo.map(job => ` - <a href="${jobIdToLink(job.rootJob, environmentName)}">${job.rootJob}</a> Test count: ${job.testCount}`).join("<br>")}
${dateInfo.runInfo.map(job => ` - <a href="${testGopoghLink(job.rootJob, environmentName)}">${job.rootJob}</a> Test count: ${job.testCount}`).join("<br>")}
</div>`,
dateInfo.totalDuration,
`<div style="padding: 1rem; font-family: 'Arial'; font-size: 14">
<b>${dateInfo.date.toString()}</b><br>
<b>Date:</b> ${dateInfo.date.toLocaleString([], {dateStyle: 'medium'})}<br>
<b>Total Duration (averaged): </b> ${+dateInfo.totalDuration.toFixed(2)}<br>
<b>Jobs:</b><br>
${dateInfo.runInfo.map(job => ` - <a href="${jobIdToLink(job.rootJob, environmentName)}">${job.rootJob}</a> Total Duration: ${+job.totalDuration.toFixed(2)}s`).join("<br>")}
${dateInfo.runInfo.map(job => ` - <a href="${testGopoghLink(job.rootJob, environmentName)}">${job.rootJob}</a> Total Duration: ${+job.totalDuration.toFixed(2)}s`).join("<br>")}
</div>`,
]));
const options = {
@ -636,7 +656,7 @@ function displayEnvironmentChart(testData, environmentName) {
chart.draw(data, options);
}
document.body.appendChild(
chartsContainer.appendChild(
createRecentFlakePercentageTable(
recentFlakePercentage,
previousFlakePercentageMap,
@ -645,11 +665,11 @@ function displayEnvironmentChart(testData, environmentName) {
async function init() {
google.charts.load('current', { 'packages': ['corechart'] });
let testData;
let testData, responseDate;
try {
// Wait for Google Charts to load, and for test data to load.
// Only store the test data (at index 1) into `testData`.
testData = (await Promise.all([
[testData, responseDate] = (await Promise.all([
new Promise(resolve => google.charts.setOnLoadCallback(resolve)),
loadTestData()
]))[1];
@ -666,6 +686,8 @@ async function init() {
} else {
displayTestAndEnvironmentChart(testData, desiredTest, desiredEnvironment);
}
document.querySelector('#data_date_container').style.display = 'block';
document.querySelector('#data_date').innerText = responseDate.toLocaleString();
}
init();

48
hack/jenkins/test-flake-chart/report_flakes.sh
View File

@ -42,11 +42,15 @@ TMP_DATA=$(mktemp)
# 5) Filter tests to only include failed tests (and only get their names and environment).
# 6) Sort by environment, then test name.
# 7) Store in file $TMP_DATA.
< "${ENVIRONMENT_LIST}" sed -r "s|^|gs://minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/|; s|$|_summary.json|" \
sed -r "s|^|gs://minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/|; s|$|_summary.json|" "${ENVIRONMENT_LIST}" \
| (xargs gsutil ls || true) \
| xargs gsutil cat \
| "$DIR/process_data.sh" \
| sed -n -r -e "s|[0-9a-f]*,[0-9-]*,([a-zA-Z/_0-9-]*),([a-zA-Z/_0-9-]*),Failed,[.0-9]*,[a-zA-Z/_0-9-]*,[0-9]*,[.0-9]*|\1:\2|p" \
| awk -F, 'NR>1 {
if ($5 == "Failed") {
printf "%s:%s\n", $3, $4
}
}' \
| sort \
> "$TMP_DATA"
@ -54,17 +58,32 @@ TMP_DATA=$(mktemp)
TMP_FLAKE_RATES=$(mktemp)
gsutil cp gs://minikube-flake-rate/flake_rates.csv "$TMP_FLAKE_RATES"
TMP_FAILED_RATES="$TMP_FLAKE_RATES\_filtered"
TMP_FAILED_RATES=$(mktemp)
# 1) Parse the flake rates to only include the environment and test name.
# 2) Sort the environment+test names.
# 3) Get all lines in $TMP_DATA not present in $TMP_FLAKE_RATES.
# 4) Append column containing "n/a" to data.
# 4) Store in $TMP_FAILED_RATES
awk -F, 'NR>1 {
printf "%s:%s\n", $1, $2
}' "$TMP_FLAKE_RATES" \
| sort \
| comm -13 - "$TMP_DATA" \
| sed -r -e 's|$|,n/a|' \
> "$TMP_FAILED_RATES"
# 1) Parse the flake rates to only include the environment, test name, and flake rates.
# 2) Sort the flake rates based on environment+test name.
# 3) Join the flake rates with the failing tests to only get flake rates of failing tests.
# 4) Sort failed test flake rates based on the flakiness of that test - stable tests should be first on the list.
# 5) Store in file $TMP_FAILED_RATES.
< "$TMP_FLAKE_RATES" sed -n -r -e "s|([a-zA-Z0-9_-]*),([a-zA-Z/0-9_-]*),([.0-9]*),[.0-9]*|\1:\2,\3|p" \
# 5) Append to file $TMP_FAILED_RATES.
awk -F, 'NR>1 {
printf "%s:%s,%s\n", $1, $2, $3
}' "$TMP_FLAKE_RATES" \
| sort -t, -k1,1 \
| join -t , -j 1 "$TMP_DATA" - \
| sort -g -t, -k2,2 \
> "$TMP_FAILED_RATES"
>> "$TMP_FAILED_RATES"
FAILED_RATES_LINES=$(wc -l < "$TMP_FAILED_RATES")
if [[ "$FAILED_RATES_LINES" -eq 0 ]]; then
@ -77,14 +96,21 @@ TMP_COMMENT=$(mktemp)
printf "These are the flake rates of all failed tests.\n|Environment|Failed Tests|Flake Rate (%%)|\n|---|---|---|\n" > "$TMP_COMMENT"
# Create variables to use for sed command.
ENV_CHART_LINK_FORMAT="https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=\1"
TEST_CHART_LINK_FORMAT="${ENV_CHART_LINK_FORMAT}\&test=\2"
TEST_GOPOGH_LINK_FORMAT="https://storage.googleapis.com/minikube-builds/logs/${PR_NUMBER}/${ROOT_JOB}/\1.html#fail_\2"
ENV_CHART_LINK_FORMAT='https://storage.googleapis.com/minikube-flake-rate/flake_chart.html?env=%1$s'
TEST_CHART_LINK_FORMAT=${ENV_CHART_LINK_FORMAT}'&test=%2$s'
TEST_GOPOGH_LINK_FORMAT='https://storage.googleapis.com/minikube-builds/logs/'${PR_NUMBER}'/'${ROOT_JOB}'/%1$s.html#fail_%2$s'
# 1) Get the first $MAX_REPORTED_TESTS lines.
# 2) Print a row in the table with the environment, test name, flake rate, and a link to the flake chart for that test.
# 3) Append these rows to file $TMP_COMMENT.
< "$TMP_FAILED_RATES" head -n $MAX_REPORTED_TESTS \
| sed -n -r -e "s|([a-zA-Z\/0-9_-]*):([a-zA-Z\/0-9_-]*),([.0-9]*)|\|[\1](${ENV_CHART_LINK_FORMAT})\|\2 ([gopogh](${TEST_GOPOGH_LINK_FORMAT}))\|\3 ([chart](${TEST_CHART_LINK_FORMAT}))\||p" \
head -n "$MAX_REPORTED_TESTS" "$TMP_FAILED_RATES" \
| awk '-F[:,]' '{
if ($3 != "n/a") {
rate_text = sprintf("%3$s ([chart]('$TEST_CHART_LINK_FORMAT'))", $1, $2, $3)
} else {
rate_text = $3
}
printf "|[%1$s]('$ENV_CHART_LINK_FORMAT')|%2$s ([gopogh]('$TEST_GOPOGH_LINK_FORMAT'))|%3$s|\n", $1, $2, rate_text
}' \
>> "$TMP_COMMENT"
# If there are too many failing tests, add an extra row explaining this, and a message after the table.

2
hack/jenkins/windows_cleanup_and_reboot_docker.ps1
View File

@ -15,6 +15,6 @@ if (Jenkins) {
exit 0
}
echo "doing it"
docker system prune --all --force
docker system prune --all --force --volumes
Get-Process "*Docker Desktop*" | Stop-Process
shutdown /r

2
hack/jenkins/windows_integration_teardown.ps1
View File

@ -16,7 +16,7 @@ $test_home="$env:HOMEDRIVE$env:HOMEPATH\minikube-integration"
if ($driver -eq "docker") {
# Remove unused images and containers
docker system prune --all --force
docker system prune --all --force --volumes
# Just shutdown Docker, it's safer than anything else
Get-Process "*Docker Desktop*" | Stop-Process

6
hack/update/golang_version/update_golang_version.go
View File

@ -90,6 +90,12 @@ var (
`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,
},
},
".github/workflows/update-golint-version.yml": {
Replace: map[string]string{
`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,
},
},
".github/workflows/time-to-k8s-public-chart.yml": {
Replace: map[string]string{
`GO_VERSION: .*`: `GO_VERSION: '{{.StableVersion}}'`,

88
hack/update/golint_version/update_golint_version.go Normal file
View File

@ -0,0 +1,88 @@
/*
Copyright 2020 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
Script expects the following env variables:
- UPDATE_TARGET=<string>: optional - if unset/absent, default option is "fs"; valid options are:
- "fs" - update only local filesystem repo files [default]
- "gh" - update only remote GitHub repo files and create PR (if one does not exist already)
- "all" - update local and remote repo files and create PR (if one does not exist already)
- GITHUB_TOKEN=<string>: GitHub [personal] access token
- note: GITHUB_TOKEN is required if UPDATE_TARGET is "gh" or "all"
*/
package main
import (
"context"
"time"
"golang.org/x/mod/semver"
"k8s.io/klog/v2"
"k8s.io/minikube/hack/update"
)
const (
// default context timeout
cxTimeout = 300 * time.Second
)
var (
schema = map[string]update.Item{
"Makefile": {
Replace: map[string]string{
`GOLINT_VERSION \?= v1.*`: `GOLINT_VERSION ?= {{.StableVersion}}`,
},
},
}
// PR data
prBranchPrefix = "update-golint-version_" // will be appended with first 7 characters of the PR commit SHA
prTitle = `update go lint version: {stable: "{{.StableVersion}}"}`
)
// Data holds stable gopogh version in semver format.
type Data struct {
StableVersion string `json:"stableVersion"`
}
func main() {
// set a context with defined timeout
ctx, cancel := context.WithTimeout(context.Background(), cxTimeout)
defer cancel()
// get Golang stable version
stable, err := golintVersion(ctx, "golangci", "golangci-lint")
if err != nil {
klog.Fatalf("Unable to get Golang stable version: %v", err)
}
data := Data{StableVersion: stable}
klog.Infof("Golang stable version: %s", data.StableVersion)
update.Apply(ctx, schema, data, prBranchPrefix, prTitle, 12247)
}
//
// golintVersions returns stable version in semver format.
func golintVersion(ctx context.Context, owner, repo string) (stable string, err error) {
// get Kubernetes versions from GitHub Releases
stable, _, err = update.GHReleases(ctx, owner, repo)
if err != nil || !semver.IsValid(stable) {
return "", err
}
return stable, nil
}

5
hack/update/registry.go
View File

@ -98,10 +98,7 @@ func crUpdate(ctx context.Context, reg registry, image, version string) error {
// TagImage tags local image:current with stable version, and returns any error occurred.
func TagImage(ctx context.Context, image, current, stable string) error {
tag := exec.CommandContext(ctx, "docker", "tag", image+":"+current, image+":"+stable)
if err := RunWithRetryNotify(ctx, tag, nil, 1*time.Second, 10); err != nil {
return err
}
return nil
return RunWithRetryNotify(ctx, tag, nil, 1*time.Second, 10)
}
// PullImage checks if current image exists locally, tries to pull it if not, and returns reference image url and any error occurred.

7
hack/update/update.go
View File

@ -192,7 +192,7 @@ func RunWithRetryNotify(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, max
notify := func(err error, wait time.Duration) {
klog.Errorf("Temporary error running '%s' (will retry in %s): %v", cmd.String(), wait, err)
}
if err := backoff.RetryNotify(func() error {
return backoff.RetryNotify(func() error {
cmd.Stdin = stdin
var stderr bytes.Buffer
cmd.Stderr = &stderr
@ -201,10 +201,7 @@ func RunWithRetryNotify(ctx context.Context, cmd *exec.Cmd, stdin io.Reader, max
return fmt.Errorf("%w: %s", err, stderr.String())
}
return nil
}, bc, notify); err != nil {
return err
}
return nil
}, bc, notify)
}
// Run runs command cmd with stdin

48
pkg/addons/addons.go
View File

@ -26,6 +26,7 @@ import (
"sync"
"time"
"github.com/blang/semver/v4"
"github.com/pkg/errors"
"github.com/spf13/viper"
@ -44,15 +45,16 @@ import (
"k8s.io/minikube/pkg/minikube/reason"
"k8s.io/minikube/pkg/minikube/style"
"k8s.io/minikube/pkg/minikube/sysinit"
"k8s.io/minikube/pkg/util"
"k8s.io/minikube/pkg/util/retry"
)
// Force is used to override checks for addons
var Force bool = false
var Force = false
// Refresh is used to refresh pods in specific cases when an addon is enabled
// Currently only used for gcp-auth
var Refresh bool = false
var Refresh = false
// RunCallbacks runs all actions associated to an addon, but does not set it (thread-safe)
func RunCallbacks(cc *config.ClusterConfig, name string, value string) error {
@ -153,21 +155,16 @@ func EnableOrDisableAddon(cc *config.ClusterConfig, name string, val string) err
// to match both ingress and ingress-dns addons
if strings.HasPrefix(name, "ingress") && enable {
if driver.IsKIC(cc.Driver) {
if runtime.GOOS == "windows" {
if runtime.GOOS == "windows" || runtime.GOOS == "darwin" {
out.Styled(style.Tip, `After the addon is enabled, please run "minikube tunnel" and your ingress resources would be available at "127.0.0.1"`)
} else if runtime.GOOS != "linux" {
exit.Message(reason.Usage, `Due to networking limitations of driver {{.driver_name}} on {{.os_name}}, {{.addon_name}} addon is not supported.
Alternatively to use this addon you can use a vm-based driver:
'minikube start --vm=true'
To track the update on this work in progress feature please check:
https://github.com/kubernetes/minikube/issues/7332`, out.V{"driver_name": cc.Driver, "os_name": runtime.GOOS, "addon_name": name})
} else if driver.BareMetal(cc.Driver) {
out.WarningT(`Due to networking limitations of driver {{.driver_name}}, {{.addon_name}} addon is not fully supported. Try using a different driver.`,
out.V{"driver_name": cc.Driver, "addon_name": name})
}
}
if err := supportLegacyIngress(cc); err != nil {
return err
}
}
if strings.HasPrefix(name, "istio") && enable {
@ -254,6 +251,33 @@ func isAddonAlreadySet(cc *config.ClusterConfig, addon *assets.Addon, enable boo
return false
}
// maintain backwards compatibility with k8s < v1.19
// by replacing images with old versions if custom ones are not already provided
func supportLegacyIngress(cc *config.ClusterConfig) error {
v, err := util.ParseKubernetesVersion(cc.KubernetesConfig.KubernetesVersion)
if err != nil {
return errors.Wrap(err, "parsing Kubernetes version")
}
if semver.MustParseRange("<1.19.0")(v) {
imgs := map[string]string{
// https://github.com/kubernetes/ingress-nginx/blob/f3c50698d98299b1a61f83cb6c4bb7de0b71fb4b/deploy/static/provider/kind/deploy.yaml#L327
"IngressController": "ingress-nginx/controller:v0.49.0@sha256:e9707504ad0d4c119036b6d41ace4a33596139d3feb9ccb6617813ce48c3eeef",
// issues: https://github.com/kubernetes/ingress-nginx/issues/7418 and https://github.com/jet/kube-webhook-certgen/issues/30
"KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
"KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
}
if cc.CustomAddonImages == nil {
cc.CustomAddonImages = map[string]string{}
}
for name, path := range imgs {
if _, exists := cc.CustomAddonImages[name]; !exists {
cc.CustomAddonImages[name] = path
}
}
}
return nil
}
func enableOrDisableAddonInternal(cc *config.ClusterConfig, addon *assets.Addon, runner command.Runner, data interface{}, enable bool) error {
deployFiles := []string{}
@ -377,7 +401,7 @@ func Start(wg *sync.WaitGroup, cc *config.ClusterConfig, toEnable map[string]boo
var awg sync.WaitGroup
enabledAddons := []string{}
var enabledAddons []string
defer func() { // making it show after verifications (see #7613)
register.Reg.SetStep(register.EnablingAddons)

34
pkg/addons/addons_gcpauth.go
View File

@ -23,8 +23,10 @@ import (
"os"
"os/exec"
"strconv"
"strings"
"time"
gcr_config "github.com/GoogleCloudPlatform/docker-credential-gcr/config"
"github.com/pkg/errors"
"golang.org/x/oauth2/google"
corev1 "k8s.io/api/core/v1"
@ -61,10 +63,6 @@ func enableOrDisableGCPAuth(cfg *config.ClusterConfig, name string, val string)
}
func enableAddonGCPAuth(cfg *config.ClusterConfig) error {
if !Force && detect.IsOnGCE() {
exit.Message(reason.InternalCredsNotNeeded, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.")
}
// Grab command runner from running cluster
cc := mustload.Running(cfg.Name)
r := cc.CP.Runner
@ -76,6 +74,18 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error {
exit.Message(reason.InternalCredsNotFound, "Could not find any GCP credentials. Either run `gcloud auth application-default login` or set the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of your credentials file.")
}
// Create a registry secret in every namespace we can find
// Always create the pull secret, no matter where we are
err = createPullSecret(cfg, creds)
if err != nil {
return errors.Wrap(err, "pull secret")
}
// If the env var is explicitly set, even in GCE, then defer to the user and continue
if !Force && detect.IsOnGCE() && os.Getenv("GOOGLE_APPLICATION_CREDENTUALS") == "" {
exit.Message(reason.InternalCredsNotNeeded, "It seems that you are running in GCE, which means authentication should work without the GCP Auth addon. If you would still like to authenticate using a credentials file, use the --force flag.")
}
// Actually copy the creds over
f := assets.NewMemoryAssetTarget(creds.JSON, credentialsPath, "0444")
@ -84,12 +94,6 @@ func enableAddonGCPAuth(cfg *config.ClusterConfig) error {
return err
}
// Create a registry secret in every namespace we can find
err = createPullSecret(cfg, creds)
if err != nil {
return errors.Wrap(err, "pull secret")
}
// First check if the project env var is explicitly set
projectEnv := os.Getenv("GOOGLE_CLOUD_PROJECT")
if projectEnv != "" {
@ -131,8 +135,16 @@ func createPullSecret(cc *config.ClusterConfig, creds *google.Credentials) error
token, err := creds.TokenSource.Token()
// Only try to add secret if Token was found
if err == nil {
dockercfg := ""
registries := append(gcr_config.DefaultGCRRegistries[:], gcr_config.DefaultARRegistries[:]...)
for _, reg := range registries {
dockercfg += fmt.Sprintf(`"https://%s":{"username":"oauth2accesstoken","password":"%s","email":"none"},`, reg, token.AccessToken)
}
dockercfg = strings.TrimSuffix(dockercfg, ",")
data := map[string][]byte{
".dockercfg": []byte(fmt.Sprintf(`{"https://gcr.io":{"username":"oauth2accesstoken","password":"%s","email":"none"}, "https://us-docker.pkg.dev":{"username":"oauth2accesstoken","password":"%s","email":"none"}}`, token.AccessToken, token.AccessToken)),
".dockercfg": []byte(fmt.Sprintf(`{%s}`, dockercfg)),
}
for _, n := range namespaces.Items {

5
pkg/drivers/hyperkit/driver.go
View File

@ -276,10 +276,7 @@ func (d *Driver) Start() error {
return err
}
if err := d.setupNFSMounts(); err != nil {
return err
}
return nil
return d.setupNFSMounts()
}
func (d *Driver) setupIP(mac string) error {

8
pkg/drivers/kic/types.go
View File

@ -24,13 +24,13 @@ import (
const (
// Version is the current version of kic
Version = "v0.0.25"
Version = "v0.0.25-1628619379-12032"
// SHA of the kic base image
baseImageSHA = "6f936e3443b95cd918d77623bf7b595653bb382766e280290a02b4a349e88b79"
baseImageSHA = "937faef407987cbd8b3cb0a90c6c5dfd664817d5377be0b77a4ecbf0f9f9c1b6"
// The name of the GCR kicbase repository
gcrRepo = "gcr.io/k8s-minikube/kicbase"
gcrRepo = "gcr.io/k8s-minikube/kicbase-builds"
// The name of the Dockerhub kicbase repository
dockerhubRepo = "docker.io/kicbase/stable"
dockerhubRepo = "docker.io/kicbase/build"
)
var (

65
pkg/drivers/kvm/domain.go
View File

@ -23,71 +23,11 @@ import (
"fmt"
"text/template"
libvirt "github.com/libvirt/libvirt-go"
"github.com/docker/machine/libmachine/log"
"github.com/libvirt/libvirt-go"
"github.com/pkg/errors"
)
const domainTmpl = `
<domain type='kvm'>
<name>{{.MachineName}}</name>
<memory unit='MiB'>{{.Memory}}</memory>
<vcpu>{{.CPU}}</vcpu>
<features>
<acpi/>
<apic/>
<pae/>
{{if .Hidden}}
<kvm>
<hidden state='on'/>
</kvm>
{{end}}
</features>
<cpu mode='host-passthrough'>
{{if gt .NUMANodeCount 1}}
{{.NUMANodeXML}}
{{end}}
</cpu>
<os>
<type>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<devices>
<disk type='file' device='cdrom'>
<source file='{{.ISO}}'/>
<target dev='hdc' bus='scsi'/>
<readonly/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='default' io='threads' />
<source file='{{.DiskPath}}'/>
<target dev='hda' bus='virtio'/>
</disk>
<interface type='network'>
<source network='{{.PrivateNetwork}}'/>
<model type='virtio'/>
</interface>
<interface type='network'>
<source network='{{.Network}}'/>
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<rng model='virtio'>
<backend model='random'>/dev/random</backend>
</rng>
{{if .GPU}}
{{.DevicesXML}}
{{end}}
</devices>
</domain>
`
func (d *Driver) getDomain() (*libvirt.Domain, *libvirt.Connect, error) {
conn, err := getConnection(d.ConnectionURI)
if err != nil {
@ -135,6 +75,7 @@ func (d *Driver) createDomain() (*libvirt.Domain, error) {
}
defer conn.Close()
log.Infof("define libvirt domain using xml: %v", domainXML.String())
// define the domain in libvirt using the generated XML
dom, err := conn.DomainDefineXML(domainXML.String())
if err != nil {

82
pkg/drivers/kvm/domain_definition_arm64.go Normal file
View File

@ -0,0 +1,82 @@
// +build linux,arm64
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package kvm
const domainTmpl = `
<domain type='kvm'>
<name>{{.MachineName}}</name>
<memory unit='MiB'>{{.Memory}}</memory>
<vcpu>{{.CPU}}</vcpu>
<features>
<acpi/>
<gic version='3'/>
{{if .Hidden}}
<kvm>
<hidden state='on'/>
</kvm>
{{end}}
</features>
<cpu mode='host-passthrough'>
{{if gt .NUMANodeCount 1}}
{{.NUMANodeXML}}
{{end}}
</cpu>
<os>
<loader readonly='yes' type='pflash'>/usr/share/AAVMF/AAVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/ubuntu_VARS.fd</nvram>
<type machine='virt-4.2' arch='aarch64'>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<devices>
<disk type='file' device='cdrom'>
<source file='{{.ISO}}'/>
<target dev='hdc' bus='scsi'/>
<readonly/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='default' io='threads' />
<source file='{{.DiskPath}}'/>
<target dev='hda' bus='virtio'/>
</disk>
<interface type='network'>
<source network='{{.PrivateNetwork}}'/>
<model type='virtio'/>
</interface>
<interface type='network'>
<source network='{{.Network}}'/>
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<rng model='virtio'>
<backend model='random'>/dev/random</backend>
</rng>
{{if .GPU}}
{{.DevicesXML}}
{{end}}
</devices>
</domain>
`

80
pkg/drivers/kvm/domain_definition_x86.go Normal file
View File

@ -0,0 +1,80 @@
// +build linux,amd64
/*
Copyright 2016 The Kubernetes Authors All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package kvm
const domainTmpl = `
<domain type='kvm'>
<name>{{.MachineName}}</name>
<memory unit='MiB'>{{.Memory}}</memory>
<vcpu>{{.CPU}}</vcpu>
<features>
<acpi/>
<apic/>
<pae/>
{{if .Hidden}}
<kvm>
<hidden state='on'/>
</kvm>
{{end}}
</features>
<cpu mode='host-passthrough'>
{{if gt .NUMANodeCount 1}}
{{.NUMANodeXML}}
{{end}}
</cpu>
<os>
<type>hvm</type>
<boot dev='cdrom'/>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<devices>
<disk type='file' device='cdrom'>
<source file='{{.ISO}}'/>
<target dev='hdc' bus='scsi'/>
<readonly/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='default' io='threads' />
<source file='{{.DiskPath}}'/>
<target dev='hda' bus='virtio'/>
</disk>
<interface type='network'>
<source network='{{.PrivateNetwork}}'/>
<model type='virtio'/>
</interface>
<interface type='network'>
<source network='{{.Network}}'/>
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<rng model='virtio'>
<backend model='random'>/dev/random</backend>
</rng>
{{if .GPU}}
{{.DevicesXML}}
{{end}}
</devices>
</domain>
`

11
pkg/drivers/kvm/kvm.go
View File

@ -28,7 +28,7 @@ import (
"github.com/docker/machine/libmachine/drivers"
"github.com/docker/machine/libmachine/log"
"github.com/docker/machine/libmachine/state"
libvirt "github.com/libvirt/libvirt-go"
"github.com/libvirt/libvirt-go"
"github.com/pkg/errors"
pkgdrivers "k8s.io/minikube/pkg/drivers"
"k8s.io/minikube/pkg/util/retry"
@ -320,7 +320,6 @@ func (d *Driver) waitForStaticIP(conn *libvirt.Connect) error {
// Create a host using the driver's config
func (d *Driver) Create() (err error) {
log.Info("Creating KVM machine...")
defer log.Infof("KVM machine creation complete!")
err = d.createNetwork()
if err != nil {
return errors.Wrap(err, "creating network")
@ -364,10 +363,16 @@ func (d *Driver) Create() (err error) {
}
defer func() {
if ferr := dom.Free(); ferr != nil {
log.Warnf("unable to free domain: %v", err)
err = ferr
}
}()
return d.Start()
if err = d.Start(); err != nil {
log.Errorf("unable to start VM: %v", err)
return err
}
log.Infof("KVM machine creation complete!")
return nil
}
// ensureDirPermissions ensures that libvirt has access to access the image store directory

5
pkg/drivers/none/none.go
View File

@ -192,10 +192,7 @@ func (d *Driver) Remove() error {
// Restart a host
func (d *Driver) Restart() error {
if err := sysinit.New(d.exec).Restart("kubelet"); err != nil {
return err
}
return nil
return sysinit.New(d.exec).Restart("kubelet")
}
// Start a host

5
pkg/drivers/ssh/ssh.go
View File

@ -206,10 +206,7 @@ func (d *Driver) Stop() error {
// Restart a host
func (d *Driver) Restart() error {
if err := sysinit.New(d.exec).Restart("kubelet"); err != nil {
return err
}
return nil
return sysinit.New(d.exec).Restart("kubelet")
}
// Kill stops a host forcefully, including any containers that we are managing.

2
pkg/gvisor/enable.go
View File

@ -62,7 +62,7 @@ func Enable() error {
return errors.Wrap(err, "restarting containerd")
}
// When pod is terminated, disable gvisor and exit
c := make(chan os.Signal)
c := make(chan os.Signal, 1)
signal.Notify(c, os.Interrupt, syscall.SIGTERM)
go func() {
<-c

49
pkg/minikube/assets/addons.go
View File

@ -21,12 +21,15 @@ import (
"runtime"
"strings"
"github.com/blang/semver/v4"
"github.com/pkg/errors"
"github.com/spf13/viper"
"k8s.io/minikube/deploy/addons"
"k8s.io/minikube/pkg/minikube/config"
"k8s.io/minikube/pkg/minikube/constants"
"k8s.io/minikube/pkg/minikube/out"
"k8s.io/minikube/pkg/minikube/vmpath"
"k8s.io/minikube/pkg/util"
"k8s.io/minikube/pkg/version"
)
@ -230,24 +233,17 @@ var Addons = map[string]*Addon{
}),
"ingress": NewAddon([]*BinAsset{
MustBinAsset(addons.IngressAssets,
"ingress/ingress-configmap.yaml.tmpl",
"ingress/ingress-deploy.yaml.tmpl",
vmpath.GuestAddonsDir,
"ingress-configmap.yaml",
"0640"),
MustBinAsset(addons.IngressAssets,
"ingress/ingress-rbac.yaml.tmpl",
vmpath.GuestAddonsDir,
"ingress-rbac.yaml",
"0640"),
MustBinAsset(addons.IngressAssets,
"ingress/ingress-dp.yaml.tmpl",
vmpath.GuestAddonsDir,
"ingress-dp.yaml",
"ingress-deploy.yaml",
"0640"),
}, false, "ingress", "", map[string]string{
"IngressController": "ingress-nginx/controller:v0.44.0@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a",
"KubeWebhookCertgenCreate": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
"KubeWebhookCertgenPatch": "docker.io/jettech/kube-webhook-certgen:v1.5.1@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7",
// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L323
"IngressController": "ingress-nginx/controller:v1.0.0-beta.3@sha256:44a7a06b71187a4529b0a9edee5cc22bdf71b414470eff696c3869ea8d90a695",
// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L612
"KubeWebhookCertgenCreate": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
// https://github.com/kubernetes/ingress-nginx/blob/557604f4ef526f7755d36089b617bc7686c389f9/deploy/static/provider/kind/deploy.yaml#L660
"KubeWebhookCertgenPatch": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
}, map[string]string{
"IngressController": "k8s.gcr.io",
}),
@ -314,8 +310,9 @@ var Addons = map[string]*Addon{
"olm.yaml",
"0640"),
}, false, "olm", "", map[string]string{
"OLM": "operator-framework/olm:v0.17.0@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607",
"UpstreamCommunityOperators": "operator-framework/upstream-community-operators:07bbc13@sha256:cc7b3fdaa1ccdea5866fcd171669dc0ed88d3477779d8ed32e3712c827e38cc0",
"OLM": "operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed",
// operator-framework/community-operators was deprecated: https://github.com/operator-framework/community-operators#repository-is-obsolete; switching to OperatorHub.io instead
"UpstreamCommunityOperators": "operatorhubio/catalog:latest",
}, map[string]string{
"OLM": "quay.io",
"UpstreamCommunityOperators": "quay.io",
@ -531,13 +528,13 @@ var Addons = map[string]*Addon{
"gcp-auth-service.yaml",
"0640"),
MustBinAsset(addons.GcpAuthAssets,
"gcp-auth/gcp-auth-webhook.yaml.tmpl.tmpl",
"gcp-auth/gcp-auth-webhook.yaml.tmpl",
vmpath.GuestAddonsDir,
"gcp-auth-webhook.yaml",
"0640"),
}, false, "gcp-auth", "google", map[string]string{
"KubeWebhookCertgen": "jettech/kube-webhook-certgen:v1.3.0@sha256:ff01fba91131ed260df3f3793009efbf9686f5a5ce78a85f81c386a4403f7689",
"GCPAuthWebhook": "k8s-minikube/gcp-auth-webhook:v0.0.6@sha256:c407ad6ee97d8a0e8a21c713e2d9af66aaf73315e4a123874c00b786f962f3cd",
"KubeWebhookCertgen": "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.0@sha256:f3b6b39a6062328c095337b4cadcefd1612348fdd5190b1dcbcb9b9e90bd8068",
"GCPAuthWebhook": "k8s-minikube/gcp-auth-webhook:v0.0.7@sha256:be9661afbd47e4042bee1cb48cae858cc2f4b4e121340ee69fdc0013aeffcca4",
}, map[string]string{
"GCPAuthWebhook": "gcr.io",
}),
@ -795,6 +792,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net
LoadBalancerStartIP string
LoadBalancerEndIP string
CustomIngressCert string
IngressAPIVersion string
ContainerRuntime string
Images map[string]string
Registries map[string]string
@ -807,6 +805,7 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net
LoadBalancerStartIP: cfg.LoadBalancerStartIP,
LoadBalancerEndIP: cfg.LoadBalancerEndIP,
CustomIngressCert: cfg.CustomIngressCert,
IngressAPIVersion: "v1", // api version for ingress (eg, "v1beta1"; defaults to "v1" for k8s 1.19+)
ContainerRuntime: cfg.ContainerRuntime,
Images: images,
Registries: addon.Registries,
@ -820,6 +819,16 @@ func GenerateTemplateData(addon *Addon, cfg config.KubernetesConfig, netInfo Net
opts.Registries = make(map[string]string)
}
// maintain backwards compatibility with k8s < v1.19
// by using v1beta1 instead of v1 api version for ingress
v, err := util.ParseKubernetesVersion(cfg.KubernetesVersion)
if err != nil {
return errors.Wrap(err, "parsing Kubernetes version")
}
if semver.MustParseRange("<1.19.0")(v) {
opts.IngressAPIVersion = "v1beta1"
}
// Network info for generating template
opts.NetworkInfo["ControlPlaneNodeIP"] = netInfo.ControlPlaneNodeIP
opts.NetworkInfo["ControlPlaneNodePort"] = fmt.Sprint(netInfo.ControlPlaneNodePort)

59
pkg/minikube/assets/vm_assets.go
View File

@ -24,6 +24,7 @@ import (
"io"
"os"
"path"
"strconv"
"time"
"github.com/pkg/errors"
@ -37,8 +38,11 @@ const MemorySource = "memory"
// CopyableFile is something that can be copied
type CopyableFile interface {
io.Reader
io.Writer
GetLength() int
SetLength(int)
GetSourcePath() string
GetTargetPath() string
GetTargetDir() string
GetTargetName() string
@ -62,6 +66,11 @@ func (b *BaseAsset) GetSourcePath() string {
return b.SourcePath
}
// GetTargetPath returns target path
func (b *BaseAsset) GetTargetPath() string {
return path.Join(b.GetTargetDir(), b.GetTargetName())
}
// GetTargetDir returns target dir
func (b *BaseAsset) GetTargetDir() string {
return b.TargetDir
@ -86,6 +95,7 @@ func (b *BaseAsset) GetModTime() (time.Time, error) {
type FileAsset struct {
BaseAsset
reader io.ReadSeeker
writer io.Writer
file *os.File // Optional pointer to close file through FileAsset.Close()
}
@ -134,6 +144,14 @@ func (f *FileAsset) GetLength() (flen int) {
return int(fi.Size())
}
// SetLength sets the file length
func (f *FileAsset) SetLength(flen int) {
err := os.Truncate(f.SourcePath, int64(flen))
if err != nil {
klog.Errorf("truncate(%q) failed: %v", f.SourcePath, err)
}
}
// GetModTime returns modification time of the file
func (f *FileAsset) GetModTime() (time.Time, error) {
fi, err := os.Stat(f.SourcePath)
@ -152,6 +170,23 @@ func (f *FileAsset) Read(p []byte) (int, error) {
return f.reader.Read(p)
}
// Write writes the asset
func (f *FileAsset) Write(p []byte) (int, error) {
if f.writer == nil {
f.file.Close()
perms, err := strconv.ParseUint(f.Permissions, 8, 32)
if err != nil || perms > 07777 {
return 0, err
}
f.file, err = os.OpenFile(f.SourcePath, os.O_RDWR|os.O_CREATE, os.FileMode(perms))
if err != nil {
return 0, err
}
f.writer = io.Writer(f.file)
}
return f.writer.Write(p)
}
// Seek resets the reader to offset
func (f *FileAsset) Seek(offset int64, whence int) (int64, error) {
return f.reader.Seek(offset, whence)
@ -177,11 +212,23 @@ func (m *MemoryAsset) GetLength() int {
return m.length
}
// SetLength returns length
func (m *MemoryAsset) SetLength(len int) {
m.length = len
}
// Read reads the asset
func (m *MemoryAsset) Read(p []byte) (int, error) {
return m.reader.Read(p)
}
// Writer writes the asset
func (m *MemoryAsset) Write(p []byte) (int, error) {
m.length = len(p)
m.reader = bytes.NewReader(p)
return len(p), nil
}
// Seek resets the reader to offset
func (m *MemoryAsset) Seek(offset int64, whence int) (int64, error) {
return m.reader.Seek(offset, whence)
@ -298,6 +345,11 @@ func (m *BinAsset) GetLength() int {
return m.length
}
// SetLength sets length
func (m *BinAsset) SetLength(len int) {
m.length = len
}
// Read reads the asset
func (m *BinAsset) Read(p []byte) (int, error) {
if m.GetLength() == 0 {
@ -306,6 +358,13 @@ func (m *BinAsset) Read(p []byte) (int, error) {
return m.reader.Read(p)
}
// Write writes the asset
func (m *BinAsset) Write(p []byte) (int, error) {
m.length = len(p)
m.reader = bytes.NewReader(p)
return len(p), nil
}
// Seek resets the reader to offset
func (m *BinAsset) Seek(offset int64, whence int) (int64, error) {
return m.reader.Seek(offset, whence)

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-api-port.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd-pod-network-cidr.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "192.168.32.0/20"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/containerd.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio-options-gates.yaml vendored
View File

@ -46,7 +46,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/crio.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/default.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/dns.yaml vendored
View File

@ -40,7 +40,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: minikube.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/image-repository.yaml vendored
View File

@ -41,7 +41,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

2
pkg/minikube/bootstrapper/bsutil/testdata/v1.22/options.yaml vendored
View File

@ -43,7 +43,7 @@ etcd:
dataDir: /var/lib/minikube/etcd
extraArgs:
proxy-refresh-interval: "70000"
kubernetesVersion: v1.22.0-rc.0
kubernetesVersion: v1.22.0
networking:
dnsDomain: cluster.local
podSubnet: "10.244.0.0/16"

11
pkg/minikube/bootstrapper/certs.go
View File

@ -204,12 +204,15 @@ func generateProfileCerts(k8s config.KubernetesConfig, n config.Node, ccs CACert
return nil, errors.Wrap(err, "getting service cluster ip")
}
apiServerIPs := append(k8s.APIServerIPs,
apiServerIPs := k8s.APIServerIPs
apiServerIPs = append(apiServerIPs,
net.ParseIP(n.IP), serviceIP, net.ParseIP(oci.DefaultBindIPV4), net.ParseIP("10.0.0.1"))
apiServerNames := append(k8s.APIServerNames, k8s.APIServerName, constants.ControlPlaneAlias)
apiServerAlternateNames := append(
apiServerNames,
apiServerNames := k8s.APIServerNames
apiServerNames = append(apiServerNames, k8s.APIServerName, constants.ControlPlaneAlias)
apiServerAlternateNames := apiServerNames
apiServerAlternateNames = append(apiServerAlternateNames,
util.GetAlternateDNS(k8s.DNSDomain)...)
daemonHost := oci.DaemonHost(k8s.ContainerRuntime)

38
pkg/minikube/bootstrapper/images/images.go
View File

@ -34,7 +34,7 @@ func Pause(v semver.Version, mirror string) string {
// Should match `PauseVersion` in:
// https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants.go
// https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants_unix.go
pv := "3.4.1"
pv := "3.5"
majorMinorVersion := fmt.Sprintf("v%d.%d", v.Major, v.Minor)
imageName := path.Join(kubernetesRepo(mirror), "pause")
@ -72,7 +72,7 @@ func coreDNS(v semver.Version, mirror string) string {
// Should match `CoreDNSImageName` and `CoreDNSVersion` in
// https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants.go
cv := "1.8.0"
cv := "1.8.4"
in := "coredns/coredns"
if semver.MustParseRange("<1.21.0-alpha.1")(v) {
in = "coredns"
@ -92,7 +92,7 @@ func etcd(v semver.Version, mirror string) string {
// Note: changing this logic requires bumping the preload version
// Should match `DefaultEtcdVersion` in:
// https://github.com/kubernetes/kubernetes/blob/master/cmd/kubeadm/app/constants/constants.go
ev := "3.4.13-3"
ev := "3.5.0-0"
majorMinorVersion := fmt.Sprintf("v%d.%d", v.Major, v.Minor)
imageName := path.Join(kubernetesRepo(mirror), "etcd")
@ -147,18 +147,34 @@ func KindNet(repo string) string {
return path.Join(repo, "kindnetd:v20210326-1e038dc5")
}
// all calico images are from https://docs.projectcalico.org/manifests/calico.yaml
const calicoVersion = "v3.20.0"
const calicoRepo = "docker.io/calico"
// CalicoDaemonSet returns the image used for calicoDaemonSet
func CalicoDaemonSet(repo string) string {
if repo == "" {
repo = "calico"
}
return path.Join(repo, "node:v3.14.1")
return calicoCommon(repo, "node")
}
// CalicoDeployment returns the image used for calicoDeployment
func CalicoDeployment(repo string) string {
if repo == "" {
repo = "calico"
}
return path.Join(repo, "kube-controllers:v3.14.1")
return calicoCommon(repo, "kube-controllers")
}
// CalicoFelixDriver returns image used for felix driver
func CalicoFelixDriver(repo string) string {
return calicoCommon(repo, "pod2daemon-flexvol")
}
// CalicoBin returns image used for calico binary image
func CalicoBin(repo string) string {
return calicoCommon(repo, "cni")
}
func calicoCommon(repo string, name string) string {
if repo == "" {
repo = calicoRepo
}
return path.Join(repo, fmt.Sprintf("%s:%s", name, calicoVersion))
}

9
pkg/minikube/bootstrapper/images/images_test.go
View File

@ -65,6 +65,15 @@ k8s.gcr.io/kube-proxy:v1.21.0
k8s.gcr.io/pause:3.4.1
k8s.gcr.io/etcd:3.4.13-0
k8s.gcr.io/coredns/coredns:v1.8.0
`, "\n"), "\n")},
{"v1.22.0", strings.Split(strings.Trim(`
k8s.gcr.io/kube-apiserver:v1.22.0
k8s.gcr.io/kube-controller-manager:v1.22.0
k8s.gcr.io/kube-scheduler:v1.22.0
k8s.gcr.io/kube-proxy:v1.22.0
k8s.gcr.io/pause:3.5
k8s.gcr.io/etcd:3.5.0-0
k8s.gcr.io/coredns/coredns:v1.8.4
`, "\n"), "\n")},
}
for _, tc := range testCases {

855
pkg/minikube/cni/calico.go
View File

@ -18,6 +18,8 @@ package cni
import (
"bytes"
// goembed needs this
_ "embed"
"text/template"
"github.com/pkg/errors"
@ -26,851 +28,12 @@ import (
"k8s.io/minikube/pkg/minikube/config"
)
// https://docs.projectcalico.org/manifests/calico.yaml
//go:embed calico.yaml
var calicoYaml string
// calicoTmpl is from https://docs.projectcalico.org/manifests/calico.yaml
var calicoTmpl = template.Must(template.New("calico").Parse(`---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
name: calico-config
namespace: kube-system
data:
# Typha is disabled.
typha_service_name: "none"
# Configure the backend to use.
calico_backend: "bird"
# Configure the MTU to use for workload interfaces and the
# tunnels. For IPIP, set to your network MTU - 20; for VXLAN
# set to your network MTU - 50.
veth_mtu: "1440"
# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
cni_network_config: |-
{
"name": "k8s-pod-network",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "calico",
"log_level": "info",
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": __CNI_MTU__,
"ipam": {
"type": "calico-ipam"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
},
{
"type": "portmap",
"snat": true,
"capabilities": {"portMappings": true}
},
{
"type": "bandwidth",
"capabilities": {"bandwidth": true}
}
]
}
---
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgpconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPConfiguration
plural: bgpconfigurations
singular: bgpconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgppeers.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPPeer
plural: bgppeers
singular: bgppeer
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: blockaffinities.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BlockAffinity
plural: blockaffinities
singular: blockaffinity
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterinformations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: ClusterInformation
plural: clusterinformations
singular: clusterinformation
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: felixconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworkpolicies.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkPolicy
plural: globalnetworkpolicies
singular: globalnetworkpolicy
shortNames:
- gnp
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworksets.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkSet
plural: globalnetworksets
singular: globalnetworkset
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostendpoints.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: HostEndpoint
plural: hostendpoints
singular: hostendpoint
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamblocks.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMBlock
plural: ipamblocks
singular: ipamblock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamconfigs.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMConfig
plural: ipamconfigs
singular: ipamconfig
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamhandles.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMHandle
plural: ipamhandles
singular: ipamhandle
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ippools.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPPool
plural: ippools
singular: ippool
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: kubecontrollersconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: KubeControllersConfiguration
plural: kubecontrollersconfigurations
singular: kubecontrollersconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networkpolicies.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networksets.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkSet
plural: networksets
singular: networkset
---
---
# Source: calico/templates/rbac.yaml
# Include a clusterrole for the kube-controllers component,
# and bind it to the calico-kube-controllers serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
rules:
# Nodes are watched to monitor for deletions.
- apiGroups: [""]
resources:
- nodes
verbs:
- watch
- list
- get
# Pods are queried to check for existence.
- apiGroups: [""]
resources:
- pods
verbs:
- get
# IPAM resources are manipulated when nodes are deleted.
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
verbs:
- list
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
verbs:
- get
- list
- create
- update
- delete
# kube-controllers manages hostendpoints.
- apiGroups: ["crd.projectcalico.org"]
resources:
- hostendpoints
verbs:
- get
- list
- create
- update
- delete
# Needs access to update clusterinformations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- clusterinformations
verbs:
- get
- create
- update
# KubeControllersConfiguration is where it gets its config
- apiGroups: ["crd.projectcalico.org"]
resources:
- kubecontrollersconfigurations
verbs:
# read its own config
- get
# create a default if none exists
- create
# update status
- update
# watch for changes
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-kube-controllers
subjects:
- kind: ServiceAccount
name: calico-kube-controllers
namespace: kube-system
---
# Include a clusterrole for the calico-node DaemonSet,
# and bind it to the calico-node serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-node
rules:
# The CNI plugin needs to get pods, nodes, and namespaces.
- apiGroups: [""]
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- endpoints
- services
verbs:
# Used to discover service IPs for advertisement.
- watch
- list
# Used to discover Typhas.
- get
# Pod CIDR auto-detection on kubeadm needs access to config maps.
- apiGroups: [""]
resources:
- configmaps
verbs:
- get
- apiGroups: [""]
resources:
- nodes/status
verbs:
# Needed for clearing NodeNetworkUnavailable flag.
- patch
# Calico stores some configuration information in node annotations.
- update
# Watch for changes to Kubernetes NetworkPolicies.
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- watch
- list
# Used by Calico for policy information.
- apiGroups: [""]
resources:
- pods
- namespaces
- serviceaccounts
verbs:
- list
- watch
# The CNI plugin patches pods/status.
- apiGroups: [""]
resources:
- pods/status
verbs:
- patch
# Calico monitors various CRDs for config.
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- felixconfigurations
- bgppeers
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
- networkpolicies
- networksets
- clusterinformations
- hostendpoints
- blockaffinities
verbs:
- get
- list
- watch
# Calico must create and update some CRDs on startup.
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
- felixconfigurations
- clusterinformations
verbs:
- create
- update
# Calico stores some configuration information on the node.
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- list
- watch
# These permissions are only required for upgrade from v2.6, and can
# be removed after upgrade or on fresh installations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- bgpconfigurations
- bgppeers
verbs:
- create
- update
# These permissions are required for Calico CNI to perform IPAM allocations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
verbs:
- get
- list
- create
- update
- delete
- apiGroups: ["crd.projectcalico.org"]
resources:
- ipamconfigs
verbs:
- get
# Block affinities must also be watchable by confd for route aggregation.
- apiGroups: ["crd.projectcalico.org"]
resources:
- blockaffinities
verbs:
- watch
# The Calico IPAM migration needs to get daemonsets. These permissions can be
# removed if not upgrading from an installation using host-local IPAM.
- apiGroups: ["apps"]
resources:
- daemonsets
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: calico-node
namespace: kube-system
---
# Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well
# as the CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: calico-node
namespace: kube-system
labels:
k8s-app: calico-node
spec:
selector:
matchLabels:
k8s-app: calico-node
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-app: calico-node
annotations:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
tolerations:
# Make sure calico-node gets scheduled on all nodes.
- effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
serviceAccountName: calico-node
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
priorityClassName: system-node-critical
initContainers:
# This container performs upgrade from host-local IPAM to calico-ipam.
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: calico/cni:v3.14.1
command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
env:
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CALICO_NETWORKING_BACKEND
valueFrom:
configMapKeyRef:
name: calico-config
key: calico_backend
volumeMounts:
- mountPath: /var/lib/cni/networks
name: host-local-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
securityContext:
privileged: true
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: calico/cni:v3.14.1
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-calico.conflist"
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG
valueFrom:
configMapKeyRef:
name: calico-config
key: cni_network_config
# Set the hostname based on the k8s node name.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# CNI MTU Config variable
- name: CNI_MTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# Prevents the container from sleeping forever.
- name: SLEEP
value: "false"
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
securityContext:
privileged: true
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API.
- name: flexvol-driver
image: calico/pod2daemon-flexvol:v3.14.1
volumeMounts:
- name: flexvol-driver-host
mountPath: /host/driver
securityContext:
privileged: true
containers:
# Runs calico-node container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: calico-node
image: {{ .DaemonSetImageName }}
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
value: "kubernetes"
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: "true"
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Choose the backend to use.
- name: CALICO_NETWORKING_BACKEND
valueFrom:
configMapKeyRef:
name: calico-config
key: calico_backend
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: "k8s,bgp"
# Auto-detect the BGP IP address.
- name: IP
value: "autodetect"
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
value: "Always"
# Enable or Disable VXLAN on the default IP pool.
- name: CALICO_IPV4POOL_VXLAN
value: "Never"
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# Set MTU for the VXLAN tunnel device.
- name: FELIX_VXLANMTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within --cluster-cidr
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
# Disable file logging so kubectl logs works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: "ACCEPT"
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: "false"
# Set Felix logging to "info"
- name: FELIX_LOGSEVERITYSCREEN
value: "info"
- name: FELIX_HEALTHENABLED
value: "true"
- name: IP_AUTODETECTION_METHOD
value: interface=eth.*
securityContext:
privileged: true
resources:
requests:
cpu: 250m
livenessProbe:
exec:
command:
- /bin/calico-node
- -felix-live
- -bird-live
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/calico-node
- -felix-ready
- -bird-ready
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false
- mountPath: /var/lib/calico
name: var-lib-calico
readOnly: false
- name: policysync
mountPath: /var/run/nodeagent
volumes:
# Used by calico-node.
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run-calico
hostPath:
path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
# Used to install CNI.
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
# Mount in the directory for host-local IPAM allocations. This is
# used when upgrading from host-local to calico-ipam, and can be removed
# if not using the upgrade-ipam init container.
- name: host-local-net-dir
hostPath:
path: /var/lib/cni/networks
# Used to create per-pod Unix Domain Sockets
- name: policysync
hostPath:
type: DirectoryOrCreate
path: /var/run/nodeagent
# Used to install Flex Volume Driver
- name: flexvol-driver-host
hostPath:
type: DirectoryOrCreate
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system
---
# Source: calico/templates/calico-kube-controllers.yaml
# See https://github.com/projectcalico/kube-controllers
apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
spec:
# The controllers can only have a single active instance.
replicas: 1
selector:
matchLabels:
k8s-app: calico-kube-controllers
strategy:
type: Recreate
template:
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
nodeSelector:
kubernetes.io/os: linux
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: calico-kube-controllers
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: {{ .DeploymentImageName }}
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS
value: node
- name: DATASTORE_TYPE
value: kubernetes
readinessProbe:
exec:
command:
- /usr/bin/check-status
- -r
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-kube-controllers
namespace: kube-system
---
# Source: calico/templates/calico-etcd-secrets.yaml
---
# Source: calico/templates/calico-typha.yaml
---
# Source: calico/templates/configure-canal.yaml
`))
var calicoTmpl = template.Must(template.New("calico").Parse(calicoYaml))
// Calico is the Calico CNI manager
type Calico struct {
@ -880,6 +43,8 @@ type Calico struct {
type calicoTmplStruct struct {
DeploymentImageName string
DaemonSetImageName string
FelixDriverImageName string
BinaryImageName string
}
// String returns a string representation of this CNI
@ -892,6 +57,8 @@ func (c Calico) manifest() (assets.CopyableFile, error) {
input := &calicoTmplStruct{
DeploymentImageName: images.CalicoDeployment(c.cc.KubernetesConfig.ImageRepository),
DaemonSetImageName: images.CalicoDaemonSet(c.cc.KubernetesConfig.ImageRepository),
FelixDriverImageName: images.CalicoFelixDriver(c.cc.KubernetesConfig.ImageRepository),
BinaryImageName: images.CalicoBin(c.cc.KubernetesConfig.ImageRepository),
}
b := bytes.Buffer{}

4090
pkg/minikube/cni/calico.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

263
pkg/minikube/cni/cilium.go
View File

@ -23,23 +23,23 @@ import (
"k8s.io/minikube/pkg/minikube/config"
)
// From https://raw.githubusercontent.com/cilium/cilium/v1.8/install/kubernetes/quick-install.yaml
// From https://raw.githubusercontent.com/cilium/cilium/v1.9/install/kubernetes/quick-install.yaml
var ciliumTmpl = `---
# Source: cilium/charts/agent/templates/serviceaccount.yaml
# Source: cilium/templates/cilium-agent-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cilium
namespace: kube-system
---
# Source: cilium/charts/operator/templates/serviceaccount.yaml
# Source: cilium/templates/cilium-operator-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cilium-operator
namespace: kube-system
---
# Source: cilium/charts/config/templates/configmap.yaml
# Source: cilium/templates/cilium-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
@ -58,9 +58,14 @@ data:
# the kvstore by commenting out the identity-allocation-mode below, or
# setting it to "kvstore".
identity-allocation-mode: crd
cilium-endpoint-gc-interval: "5m0s"
# If you want to run cilium in debug mode change this value to true
debug: "false"
# The agent can be put into the following three policy enforcement modes
# default, always and never.
# https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes
enable-policy: "default"
# Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4
# address.
@ -69,8 +74,10 @@ data:
# Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
# address.
enable-ipv6: "false"
# Users who wish to specify their own custom CNI configuration file must set
# custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
custom-cni-conf: "false"
enable-bpf-clock-probe: "true"
# If you want cilium monitor to aggregate tracing for packets, set this level
# to "low", "medium", or "maximum". The higher the level, the less packets
# that will be seen in monitor output.
@ -87,13 +94,15 @@ data:
#
# Only effective when monitor aggregation is set to "medium" or higher.
monitor-aggregation-flags: all
# bpf-policy-map-max specified the maximum number of entries in endpoint
# policy map (per endpoint)
bpf-policy-map-max: "16384"
# Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
# sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
bpf-map-dynamic-size-ratio: "0.0025"
# bpf-policy-map-max specifies the maximum number of entries in endpoint
# policy map (per endpoint)
bpf-policy-map-max: "16384"
# bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
# backend and affinity maps.
bpf-lb-map-max: "65536"
# Pre-allocation of map entries allows per-packet latency to be reduced, at
# the expense of up-front memory allocation for the entries in the maps. The
# default value below will minimize memory usage in the default installation;
@ -104,9 +113,8 @@ data:
#
# If this value is modified, then during the next Cilium startup the restore
# of existing endpoints and tracking of ongoing connections may be disrupted.
# This may lead to policy drops or a change in loadbalancing decisions for a
# connection for some time. Endpoints may need to be recreated to restore
# connectivity.
# As a result, reply packets may be dropped and the load-balancing decisions
# for established connections may change.
#
# If this option is set to "false" during an upgrade from 1.3 or earlier to
# 1.4 or later, then it may cause one-time disruptions during the upgrade.
@ -116,61 +124,63 @@ data:
# container image names
sidecar-istio-proxy-image: "cilium/istio_proxy"
# Name of the cluster. Only relevant when building a mesh of clusters.
cluster-name: default
# Unique ID of the cluster. Must be unique across all conneted clusters and
# in the range of 1 and 255. Only relevant when building a mesh of clusters.
cluster-id: ""
# Encapsulation mode for communication between nodes
# Possible values:
# - disabled
# - vxlan (default)
# - geneve
tunnel: vxlan
# Name of the cluster. Only relevant when building a mesh of clusters.
cluster-name: default
# DNS Polling periodically issues a DNS lookup for each 'matchName' from
# cilium-agent. The result is used to regenerate endpoint policy.
# DNS lookups are repeated with an interval of 5 seconds, and are made for
# A(IPv4) and AAAA(IPv6) addresses. Should a lookup fail, the most recent IP
# data is used instead. An IP change will trigger a regeneration of the Cilium
# policy for each endpoint and increment the per cilium-agent policy
# repository revision.
#
# This option is disabled by default starting from version 1.4.x in favor
# of a more powerful DNS proxy-based implementation, see [0] for details.
# Enable this option if you want to use FQDN policies but do not want to use
# the DNS proxy.
#
# To ease upgrade, users may opt to set this option to "true".
# Otherwise please refer to the Upgrade Guide [1] which explains how to
# prepare policy rules for upgrade.
#
# [0] http://docs.cilium.io/en/stable/policy/language/#dns-based
# [1] http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action
tofqdns-enable-poller: "false"
# Enables L7 proxy for L7 policy enforcement and visibility
enable-l7-proxy: "true"
# wait-bpf-mount makes init container wait until bpf filesystem is mounted
wait-bpf-mount: "false"
masquerade: "true"
enable-bpf-masquerade: "true"
enable-xt-socket-fallback: "true"
install-iptables-rules: "true"
auto-direct-node-routes: "false"
enable-bandwidth-manager: "false"
enable-local-redirect-policy: "false"
kube-proxy-replacement: "probe"
kube-proxy-replacement-healthz-bind-address: ""
enable-health-check-nodeport: "true"
node-port-bind-protection: "true"
enable-auto-protect-node-port-range: "true"
enable-session-affinity: "true"
k8s-require-ipv4-pod-cidr: "true"
k8s-require-ipv6-pod-cidr: "false"
enable-endpoint-health-checking: "true"
enable-health-checking: "true"
enable-well-known-identities: "false"
enable-remote-node-identity: "true"
operator-api-serve-addr: "127.0.0.1:9234"
# Enable Hubble gRPC service.
enable-hubble: "true"
# UNIX domain socket for Hubble server to listen to.
hubble-socket-path: "/var/run/cilium/hubble.sock"
# An additional address for Hubble server to listen to (e.g. ":4244").
hubble-listen-address: ":4244"
hubble-disable-tls: "false"
hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
ipam: "cluster-pool"
cluster-pool-ipv4-cidr: "10.0.0.0/8"
cluster-pool-ipv4-mask-size: "24"
disable-cnp-status-updates: "true"
cgroup-root: "/run/cilium/cgroupv2"
---
# Source: cilium/charts/agent/templates/clusterrole.yaml
# Source: cilium/templates/cilium-agent-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -207,6 +217,16 @@ rules:
- ""
resources:
- pods
- pods/finalizers
verbs:
- get
- list
- watch
- update
- delete
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
@ -225,27 +245,40 @@ rules:
resources:
- customresourcedefinitions
verbs:
# Deprecated for removal in v1.10
- create
- get
- list
- watch
- update
# This is used when validating policies in preflight. This will need to stay
# until we figure out how to avoid "get" inside the preflight, and then
# should be removed ideally.
- get
- apiGroups:
- cilium.io
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
- ciliumnetworkpolicies/finalizers
- ciliumclusterwidenetworkpolicies
- ciliumclusterwidenetworkpolicies/status
- ciliumclusterwidenetworkpolicies/finalizers
- ciliumendpoints
- ciliumendpoints/status
- ciliumendpoints/finalizers
- ciliumnodes
- ciliumnodes/status
- ciliumnodes/finalizers
- ciliumidentities
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies
- ciliumlocalredirectpolicies/status
- ciliumlocalredirectpolicies/finalizers
verbs:
- '*'
---
# Source: cilium/charts/operator/templates/clusterrole.yaml
# Source: cilium/templates/cilium-operator-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@ -287,14 +320,22 @@ rules:
resources:
- ciliumnetworkpolicies
- ciliumnetworkpolicies/status
- ciliumnetworkpolicies/finalizers
- ciliumclusterwidenetworkpolicies
- ciliumclusterwidenetworkpolicies/status
- ciliumclusterwidenetworkpolicies/finalizers
- ciliumendpoints
- ciliumendpoints/status
- ciliumendpoints/finalizers
- ciliumnodes
- ciliumnodes/status
- ciliumnodes/finalizers
- ciliumidentities
- ciliumidentities/status
- ciliumidentities/finalizers
- ciliumlocalredirectpolicies
- ciliumlocalredirectpolicies/status
- ciliumlocalredirectpolicies/finalizers
verbs:
- '*'
- apiGroups:
@ -302,11 +343,30 @@ rules:
resources:
- customresourcedefinitions
verbs:
- create
- get
- list
- update
- watch
# For cilium-operator running in HA mode.
#
# Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
# between multiple running instances.
# The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
# common and fewer objects in the cluster watch "all Leases".
# The support for leases was introduced in coordination.k8s.io/v1 during Kubernetes 1.14 release.
# In Cilium we currently don't support HA mode for K8s version < 1.14. This condition make sure
# that we only authorize access to leases resources in supported K8s versions.
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
---
# Source: cilium/charts/agent/templates/clusterrolebinding.yaml
# Source: cilium/templates/cilium-agent-clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -320,7 +380,7 @@ subjects:
name: cilium
namespace: kube-system
---
# Source: cilium/charts/operator/templates/clusterrolebinding.yaml
# Source: cilium/templates/cilium-operator-clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@ -334,7 +394,7 @@ subjects:
name: cilium-operator
namespace: kube-system
---
# Source: cilium/charts/agent/templates/daemonset.yaml
# Source: cilium/templates/cilium-agent-daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
@ -346,6 +406,10 @@ spec:
selector:
matchLabels:
k8s-app: cilium
updateStrategy:
rollingUpdate:
maxUnavailable: 2
type: RollingUpdate
template:
metadata:
annotations:
@ -414,16 +478,16 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CILIUM_Cilium_MASTER_DEVICE
- name: CILIUM_FLANNEL_MASTER_DEVICE
valueFrom:
configMapKeyRef:
key: Cilium-master-device
key: flannel-master-device
name: cilium-config
optional: true
- name: CILIUM_Cilium_UNINSTALL_ON_EXIT
- name: CILIUM_FLANNEL_UNINSTALL_ON_EXIT
valueFrom:
configMapKeyRef:
key: Cilium-uninstall-on-exit
key: flannel-uninstall-on-exit
name: cilium-config
optional: true
- name: CILIUM_CLUSTERMESH_CONFIG
@ -440,7 +504,7 @@ spec:
key: custom-cni-conf
name: cilium-config
optional: true
image: "docker.io/cilium/cilium:v1.8.0"
image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d"
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
@ -480,8 +544,37 @@ spec:
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
- mountPath: /var/lib/cilium/tls/hubble
name: hubble-tls
readOnly: true
hostNetwork: true
initContainers:
# Required to mount cgroup2 filesystem on the underlying Kubernetes node.
# We use nsenter command with host's cgroup and mount namespaces enabled.
- name: mount-cgroup
env:
- name: CGROUP_ROOT
value: /run/cilium/cgroupv2
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
- -c
# The statically linked Go program binary is invoked to avoid any
# dependency on utilities like sh and mount that can be missing on certain
# distros installed on the underlying host. Copy the binary to the
# same directory where we install cilium cni plugin so that exec permissions
# are available.
- 'cp /usr/bin/cilium-mount /hostbin/cilium-mount && nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT; rm /hostbin/cilium-mount'
image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d"
imagePullPolicy: IfNotPresent
volumeMounts:
- mountPath: /hostproc
name: hostproc
- mountPath: /hostbin
name: cni-path
securityContext:
privileged: true
- command:
- /init-container.sh
env:
@ -503,7 +596,7 @@ spec:
key: wait-bpf-mount
name: cilium-config
optional: true
image: "docker.io/cilium/cilium:v1.8.0"
image: "quay.io/cilium/cilium:v1.9.9@sha256:a85d5cff13f8231c2e267d9fc3c6e43d24be4a75dac9f641c11ec46e7f17624d"
imagePullPolicy: IfNotPresent
name: clean-cilium-state
securityContext:
@ -515,6 +608,10 @@ spec:
- mountPath: /sys/fs/bpf
name: bpf-maps
mountPropagation: HostToContainer
# Required to mount cgroup filesystem from the host to cilium agent pod
- mountPath: /run/cilium/cgroupv2
name: cilium-cgroup
mountPropagation: HostToContainer
- mountPath: /var/run/cilium
name: cilium-run
resources:
@ -539,6 +636,16 @@ spec:
path: /sys/fs/bpf
type: DirectoryOrCreate
name: bpf-maps
# To mount cgroup2 filesystem on the host
- hostPath:
path: /proc
type: Directory
name: hostproc
# To keep state between restarts / upgrades for cgroup2 filesystem
- hostPath:
path: /run/cilium/cgroupv2
type: DirectoryOrCreate
name: cilium-cgroup
# To install cilium cni plugin in the host
- hostPath:
path: /opt/cni/bin
@ -568,12 +675,25 @@ spec:
- configMap:
name: cilium-config
name: cilium-config-path
updateStrategy:
rollingUpdate:
maxUnavailable: 2
type: RollingUpdate
- name: hubble-tls
projected:
sources:
- secret:
name: hubble-server-certs
items:
- key: tls.crt
path: server.crt
- key: tls.key
path: server.key
optional: true
- configMap:
name: hubble-ca-cert
items:
- key: ca.crt
path: client-ca.crt
optional: true
---
# Source: cilium/charts/operator/templates/deployment.yaml
# Source: cilium/templates/cilium-operator-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
@ -583,6 +703,9 @@ metadata:
name: cilium-operator
namespace: kube-system
spec:
# We support HA mode only for Kubernetes version > 1.14
# See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go
# for more details.
replicas: 1
selector:
matchLabels:
@ -600,6 +723,18 @@ spec:
io.cilium/app: operator
name: cilium-operator
spec:
# In HA mode, cilium-operator pods must not be scheduled on the same
# node as they will clash with each other.
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: io.cilium/app
operator: In
values:
- operator
topologyKey: kubernetes.io/hostname
containers:
- args:
- --config-dir=/tmp/cilium/config-map
@ -623,25 +758,7 @@ spec:
key: debug
name: cilium-config
optional: true
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: AWS_ACCESS_KEY_ID
name: cilium-aws
optional: true
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: AWS_SECRET_ACCESS_KEY
name: cilium-aws
optional: true
- name: AWS_DEFAULT_REGION
valueFrom:
secretKeyRef:
key: AWS_DEFAULT_REGION
name: cilium-aws
optional: true
image: "docker.io/cilium/operator-generic:v1.8.0"
image: "quay.io/cilium/operator-generic:v1.9.9@sha256:3726a965cd960295ca3c5e7f2b543c02096c0912c6652eb8bbb9ce54bcaa99d8"
imagePullPolicy: IfNotPresent
name: cilium-operator
livenessProbe:
@ -662,6 +779,8 @@ spec:
priorityClassName: system-cluster-critical
serviceAccount: cilium-operator
serviceAccountName: cilium-operator
tolerations:
- operator: Exists
volumes:
# To read the configuration from the config map
- configMap:

Some files were not shown because too many files have changed in this diff Show More